On 2017-05-15, Adam Thompson <[email protected]> wrote: > I still haven't found this answer anywhere... > > Does OpenBSD (more specifically, pf(4), I guess) support RFC 6296, > IPv6-to-IPv6 Network Prefix Translation? Looks like FreeBSD can do it, > but I can't tell if that's something they added to their own pf fork, or > if I'm just missing something in the OpenBSD docs. > > I know I can do NAT66, but I don't think it's feasible to emulate NPT > using NAT66 rules.
No, NPT is different and can't be emulated by anything that OpenBSD's PF currently does. The closest it can get is NAT with bitmask and "static-port", but 1) that's stateful, and 2) it doesn't do the "checksum neutral" modification that NPT uses (NPT doesn't replace just the network prefix; it also adjusts the host part of the address in a complementary manner so that the IPv6 checksum doesn't change).
