Dear All,
Does OpenBSD 7.2 PF support *SIIT* (RFC 7915, also called stateless NAT64)?
If yes, how can I set it?
I tried to set it similarly to stateful NAT64, but specifying "no
state". However, it resulted in error messages:
p095# pfctl -f /etc/pf-set-siit
/etc/pf-set-siit:20: nat-to and rdr-to require keep state
/etc/pf-set-siit:20: skipping rule due to errors
/etc/pf-set-siit:20: rule expands to no valid combination
pfctl: Syntax error in config file: pf rules not loaded
p095# cat /etc/pf-set-siit
# $OpenBSD: pf.conf,v 1.55 2017/12/03 20:40:04 sthen Exp $
#
# See pf.conf(5) and /etc/examples/pf.conf
set skip on lo
block return # block stateless traffic
pass # establish keep-state
# By default, do not permit remote connections to X11
block return in on ! lo0 proto tcp to port 6000:6010
# Port build user does not need network
block return out log proto {tcp udp} user _pbuild
# Set stateful NAT64 here
set skip on bge0 # protect ssh
set limit states 1000000 # 1M
set timeout interval 3600 # one hour
pass in on ix0 inet6 from any to 64:ff9b::/96 af-to inet from 198.19.0.1 no state
Previously, I used the same content of the pf.conf file for setting
*stateful NAT64*, but without the ending "no state". (Stateful NAT64
worked correctly with OpenBSD 7.1, from which I upgraded to 7.2.)
Thank you very much for your help in advance!
Best regards,
Gábor