On Fri, Jan 15, 2021 at 03:24:43PM +0100, Klemens Nanni wrote: > Existing routers doing NAT64 for IPv6-only networks will require > `net.inet.ip.forwarding=1' for NAT64 to work.
Actually you will need both of them. When sending "IPv6 -> pf-router -> IPv4" you need ip forwarding as pf translates the packet and then it is forwarded. But you also want IPv4 packets from the internet return to your local IPv6 network. For that ip6 forwarding is needed. > I'd say we should make that clear with a current.html entry. I will do that. > Either way, I think that diff makes sense. My argument is, that with ip forwarding = 0 no forwarded IPv4 packet should leave your box. ip6 forwarding should prevent IPv6 packets. Currently pf af-to forwards packets regardless of the sysctl settings. This feels wrong. bluhm
