LarvitzMar 8

Nice! NAT64 in action, My IPv6-only jail can successfully talk with Github. No tayga, just the new "af-to" feature, that the "pf" firewall got in 15.0-RELEASE:

pass in quick on bastille0 inet6 from $jail_net to 64:ff9b::/96 \
af-to inet from ($ext_if) keep state

This is genuinly nice! 🙂

#freebsd #networking #pf #nat64 #ipv6

Show threadPeter Wemm
I should take another look at this. Tayga does a bunch of internal packet level impedance matching beyond simply rewriting the header. Presumably af-to takes care of all of that unpleasant conversion stuff?
Mar 11 at 5:33amWeb
Show threadLarvitz5d ago
@karinjiri Yes, af-to "just works" 🙂