Netfilter developers working on NAT for ip6tables
Patrick McHardy has announced the release of patches for the ip6tables IPv6 packet filter under Linux on the netfilter project's developer mailing list. The patches allow the software to replace the address information in IPv6 data packets with different information as an implementation of Network Address Translation (NAT). McHardy says that the netfilter NAT patch modifies the source code, which previously only worked with IPv4, to suit IPv6, making targets such as SNAT/DNAT, MASQUERADE, REDIRECT and NETMAP available to the IPv6 packet filter. The developers have also converted the FTP and SIP NAT helper modules to support IPv6.
McHardy noted that the modifications were made after a recent netfilter working group agreed that there were "legitimate use cases for IPv6 NAT". He did not provide details of the use cases in mind, but added that another reason was to pre-empt new IPv6 NAT implementations by different vendors and provide an alternative to existing systems: "One well-tested implementation everyone can use" is better than many individual developments. For example, a NAT66 implementation by Terry Moës has been available on SourceForge since mid-2011.
Developed in the early 1990s (as RFC 1631) to address a scarcity of IPv4 addresses that was already foreseeable, NAT has considerably prolonged the life of IPv4, which is still in use in the majority of cases: NAT hides many individual devices that use private, and frequently changing, IP addresses on local networks behind a small number of globally valid public addresses. IPv6, on the other hand, promises to assign at least one globally accessible and fixed address to any coffee maker with a network connection. Critics of NAT techniques say they overturn the internet's end-to-end principle, hampering the development of network programs; however, some supporters think that this very aspect presents advantages because, they say, NAT can hide entire LAN structures.