For those who missed it, Linux is adding NAT for IPv6 to netfilter:
http://www.spinics.net/lists/netfilter-devel/msg19979.html
Along with tradition SNAT, and DNAT targets most of us are familiar
with, a new NETMAP target is included that implements NPT (network
prefix translation).
I for one am happy to see this; despite not wanting to see people NAT
IPv6 as the norm, having the NETMAP target will largely replace the
use of SNAT and MASQUERADE for many deployments, while keeping those
tools for the times when traditional NAT is desirable.
In a message written on Wed, Nov 30, 2011 at 03:14:07PM -0500, Ray Soucy wrote:
I for one am happy to see this; despite not wanting to see people NAT
IPv6 as the norm, having the NETMAP target will largely replace the
use of SNAT and MASQUERADE for many deployments, while keeping those
tools for the times when traditional NAT is desirable.
+1
Long overdue for many different reasons, be they political (stop
the "nat doesn't exist in IPv6 nonsense") or practical, like the
ability to translate IP based services to new addresses. For
instance it might be nice to translate an old DNS server IPv6 address
to a new working DNS server in some situations.
NAT has many more applications than it's most popular RFC1918 PNAT
to one IPv4 address, and IPv6 has been missing out on those other
tools due to the regious nature of the "private address vrs public
address" dogmas for that one, specific NAT application.
Regardless of what one thinks of v6 NAT, having a v6 REDIRECT target
in linux is long overdue. (trying to do it with tproxy hackery is
really a mess)
Dale