On 2011-12-06 15:00, Martin Rex wrote: > Sabahattin Gucukoglu wrote: >> In case you didn't see this: >> http://www.h-online.com/open/news/item/Netfilter-developers-working-on-NAT-for-ip6tables-1385877.html >> >> It's a complete IPv6 NAT implementation with the functionality of >> the IPv4 one in the same stack. ALGs. Port translation. Connection >> tracking. You don't need me to tell you why I don't like this. > > > I fail to understand the issue that you have with this. > > Doing home gateways and *NOT* using dynamic temporary IPv6 addresses for > outbound connections by default (i.e. *NO* static network prefix that > can be linked to a single ISP customer) I think you're confused. Whatever IPv6 source address is in the outgoing packet from the CPE is bound 1:1 to the subscriber. You can't conceal the address of the subscriber, if you ever want to get any packets back. If you want to protect the privacy of individuals within the home (etc.) behind the CPE, you can use IPv6 privacy addresses. But the traffic will still be traceable back to the CPE, of course. I hope you aren't under the illusion that NAT44 in CPE provides any privacy. Brian _______________________________________________ Ietf mailing list Ietf@xxxxxxxx https://www.ietf.org/mailman/listinfo/ietf