[Info-vax] implementing IPv6 on the internet

Dirk Munk munk at home.nl
Wed Sep 21 09:07:26 EDT 2016 

Jan-Erik Soderholm wrote:
> Den 2016-09-21 kl. 14:28, skrev Dirk Munk:
>> Chris wrote:
>>> On 09/21/16 12:00, Richard Levitte wrote:
>>>
>>>>
>>>> No.  NAT was never designed for network security, but
>>> can be used as a cheap'n'dirty piece of shit firewall.
>>>>
>>>> With IPv6, you'll have to do firewalling for real.
>>>>
>>>> Cheers,
>>>> Richard
>>>
>>> Just another opinion and whatever it was originally designed for,
>>> it's turned out to be quite a sound and cost effective solution
>>> to the problem.
>>>
>>> With IPV6, just what is meant by "firewalling for real" ?...
>>>
>>> Regards,
>>>
>>> Chris
>>>
>>>
>>
>> I've explained that already. By default IPv6 access from the internet is
>> blocked on a CE router.
>>
>> If you want to allow access to an IPv6 device on your LAN, you have to
>> configure on your router access to that IPv6 address *and* to the
>> appropriate ports.
>
> Do you have any reference to such an router? I'd just like
> to read up some on what it looks like in the router GUI
> then doing the config work.

Yes, by far the best routers in this respect are Fritz!box routers made 
by AVM in Berlin.
This is the address of the Swedish distributor:

http://www.datanat.se/egensida/avm-ac-n-1300mbps-routers/529

I don't think there is a Swedish manual, but you can find a English 
manual on their web site.

>
> And what about some non-technical customer that just would
> like to have access to some IPv6 home security device?
> Is it easy enough for non-technical people to use?

Well, if they can setup port forwarding with IPv4, then I see no reason 
why you can't do it with IPv6.

>
> Today, that is solved by having the device announcing itself
> to some publicaly available server where the user from the
> "outside" can get the IP and port to access the device.
> Like TeamViewer does today.
>
> I guess there will be similar solutions using IPv6 also,
> since that is much easier to use for non-tech people.
> You never see or have to know any IP addresses at all.

You will not use IP addresses, more likely DNS names.

>
>
>
>>
>> With IPv4 you have to route a port number on the WAN port of your
>> router to
>> an IPv4 address and port on the LAN. (port forwarding)
>>
>> No real difference.
>

More information about the Info-vax mailing list