(D)NAT with IPv6 (was "nf_conntrack & NAT")
laforge at netfilter.org
Fri Dec 9 05:57:59 CET 2005
On Thu, Dec 08, 2005 at 12:56:32PM +0100, Patrick Schaaf wrote:
> > So each time you add a service on a host, you should assign a new IP to it
> > (and create the respective DNS name for this IP/service couple!), just in
> > case you may have to redirect its traffic one day? (even if temporary)
> This has proven to be a very valuable strategy, at work, even for normal
> IPv4 operation. Saves headaches every time we want to migrate something.
> I can warmly recommend this practise.
oh btw, this also solves the usual ssl certificate problem, where you
for example tell people to use smtp/tls or imap/tls or whatever to
"smtp.foo.org" which might be a cname, and thus the certificate name
doesn't always match the 'dn' of the cert.
A very clean solution, indeed.
- Harald Welte <laforge at netfilter.org> http://netfilter.org/
"Fragmentation is like classful addressing -- an interesting early
architectural error that shows how much experimentation was going
on while IP was being designed." -- Paul Vixie