PF, The OpenBSD Packet Filter: Building The Network You Need: BSDCan, Ottawa, June 10th 2015 | ||
---|---|---|
Prev | Next |
OpenBSD 5.1 onwards: We have address family translation capability for RFC6052 "IPv4-Embedded" addresses via the af-to option. Note: Works only on inbound (overrides normal routing).
For inet to inet6, we add the prefix and embed the inet address at the appropriate point (read RFC6052).
Fortunately you can write your embedded addresses
pass in inet af-to inet6 from 2001:16d8:ccbc:baad:226:c6ff:192.0.2.1
which loads as
pass in inet all flags S/SA af-to inet6 from 2001:16d8:ccbc:baad:226:c6ff:c000:201
For inet6 to inet, depending on the prefix, we slice off the appropriate 32 bits of the IPv6 adresses to generate the IPv4 addresses.
pass in inet6 all flags S/SA af-to inet from 192.0.2.1
The inet destination address is embedded in the inet6 destination address. You do the magic (eg DNS view).