Comments (5)
abelbeck
commented on July 16, 2024
If you are talking about NPTv6 (Network Prefix Translation) for IPv6, here is an AIF plugin the AstLinux project created:
https://github.com/astlinux-project/astlinux/tree/master/package/arnofw/net-prefix-translation
from aif.
nimbius
commented on July 16, 2024
Fascinating! I had considered NPT to have been abandoned some time ago. its a solution I hadnt considered. Thank you so much for this!!
from aif.
arnova
commented on July 16, 2024
@abelbeck : Can we integrate this into mainline AIF?
from aif.
abelbeck
commented on July 16, 2024
@arnova : We could include this into mainline AIF, but the problem this plugin solves can get somewhat complicated since the GUA prefix is often defined by some DHCPv6 client. The AstLinux project calls this plugins' status in the DHCPv6 client's action script to adapt to any changes in the DHCPv6-PD assignment:
https://github.com/astlinux-project/astlinux/blob/master/package/wide-dhcpv6/dhcp6c.script#L145
This plugin also uses the netcalc command, but I think that is commonly available, also around a 3.10.x or later kernel is needed for IPv6 NAT support.
But, understanding ULA's and GUA prefixes is not common knowledge until a person is forced to use them. @arnova it would be best if you had a use-case for this plugin so you can also understand the nuances.
Personal example:
My edge router runs AstLinux and I also run a network-failover AstLinux on a cloud Linode instance. My ISP supplies a /56 GUA prefix via DHCPv6-PD. All my internal IPv6 networks use a ULA prefix I generated. The Linode AstLinux connects on network-failover using WireGuard over 4G/LTE. The Linode instance has a static /56 GUA prefix (I had to request it via Linode support). Each AstLinux has the net-prefix-translation AIF plugin configured, the Linode AstLinux is simple since the GUA is static, the local AstLinux must extract the ISP assigned /56 GUA prefix via the net-prefix-translation AIF plugin.
This works great for me, when a network-failover occurs, IPv6 seamlessly works because of the edge NPTv6 to different GUA prefixes and no internal GUA's only ULA prefixes.
Additional note, my 4G/LTE is currently IPv4-only, but using WireGuard over it not only secures the traffic but also adds transport support for dual stack IPv4/IPv6 :-)
from aif.
arnova
commented on July 16, 2024
@abelbeck : Thanks for the explanation. The problem is that I still don't have a full IPv6 environment I can test things with. So testing something like this is a bit of a problem. Also my knowledge about these (exotic?) IPv6 things is rather limited.
from aif.
Related Issues (20)
- Opening ports on specific IP HOT 1
- Country blocking HOT 2
- ipv6nd_sendadvertisement not permitted HOT 2
- FTP - can't retrieve directory HOT 8
- Any way to prevent all logging? HOT 5
- Error: either "to" is duplicate, or "equalize" is garbage HOT 5
- Plugin loopback_nat not loading properly? HOT 1
- Missing support for docker HOT 3
- support for AnyIP? HOT 1
- No iptables/ip6tables found at Debian 10 (2021/03/26) HOT 8
- IPSET/NETSET support in HOST_OPEN_TCP HOT 2
- aif 2.03 doesn't start on debian buster HOT 5
- Ubuntu 22.04 with libvirtd, the bridge interface 'virbr0' does not start automatically HOT 3
- AIF falling back to conntrack legacy automatic helper in Debian with kernel 6.0 and higher HOT 5
- nftables as aif backend HOT 1
- Disable "Dropped INPUT packet" logging? HOT 5
- AIF blocking nimble HOT 2
- Pings on the internal network to the firewall server are being blocked. HOT 5
- # Warning: iptables-legacy tables present, use iptables-legacy-save to see them HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from aif.