IPFW Does FreeBSD ipfw Support Kernel NAT for IPv6?

[ParvalSky]

Hello everyone,

I've thoroughly studied the content about the ipfw firewall in the FreeBSD Handbook and man pages. However, I still can't find clear information on whether ipfw supports in-kernel NAT (NAT66) for IPv6.

I attempted to configure IPv6 NAT in a similar way to how I configure IPv4 NAT, but unfortunately, my efforts were in vain. I'm really curious to know if ipfw does support kernel - level NAT for IPv6.

I understand that, theoretically, IPv6 doesn't require NAT due to its vast address space. Nevertheless, I believe that in a virtualized environment, using NAT66 during IPv6 configuration would bring more convenience.

Could anyone kindly provide some insights on this matter? Thank you!

 

[driesm]

The NAT you know from IPv4, one address to many, IPFW does NOT support that for IPv6 but PF does.
On the other hand, one to one IPv6 address translation of for example a complete prefix, eg, fd00::1/64 to for example 2a01::1/64, works with NPTv6 in IPFW.
So you can have your "private" addresses on your VM's and for them to reach to internet, translate it to a global prefix obtained from eg a dhcpv6 server. Do keep in mind that a lot of operating systems don't use IPv6 over IPv4 when they are only configured with an ULA IPv6 address (even if its translated at the gateway by IPFW).