[Info-vax] implementing IPv6 on the internet

Jan-Erik Soderholm jan-erik.soderholm at telia.com
Wed Sep 21 10:16:32 EDT 2016


On 2016-09-21 at 15:07, Dirk Munk wrote:
> Jan-Erik Soderholm wrote:
>> On 2016-09-21 at 14:28, Dirk Munk wrote:
>>> Chris wrote:
>>>> On 09/21/16 12:00, Richard Levitte wrote:
>>>>
>>>>>
>>>>> No.  NAT was never designed for network security, but
>>>>> can be used as a cheap'n'dirty piece of shit firewall.
>>>>>
>>>>> With IPv6, you'll have to do firewalling for real.
>>>>>
>>>>> Cheers,
>>>>> Richard
>>>>
>>>> Just another opinion and whatever it was originally designed for,
>>>> it's turned out to be quite a sound and cost effective solution
>>>> to the problem.
>>>>
>>>> With IPV6, just what is meant by "firewalling for real" ?...
>>>>
>>>> Regards,
>>>>
>>>> Chris
>>>>
>>>>
>>>
>>> I've explained that already. By default IPv6 access from the internet is
>>> blocked on a CE router.
>>>
>>> If you want to allow access to an IPv6 device on your LAN, you have to
>>> configure on your router access to that IPv6 address *and* to the
>>> appropriate ports.
>>
>> Do you have any reference to such a router? I'd just like
>> to read up some on what it looks like in the router GUI
>> when doing the config work.
>
> Yes, by far the best routers in this respect are Fritz!box routers made by
> AVM in Berlin.
> This is the address of the Swedish distributor:
>
> http://www.datanat.se/egensida/avm-ac-n-1300mbps-routers/529
>
> I don't think there is a Swedish manual, but you can find an English manual
> on their web site.
>
>>
>> And what about some non-technical customer that just would
>> like to have access to some IPv6 home security device?
>> Is it easy enough for non-technical people to use?
>
> Well, if they can set up port forwarding with IPv4, then I see no reason why
> you can't do it with IPv6.

Yes, but my point is that most users can't no matter the IP version. :-)
Even IPv4 port forwarding is way above the majority of users.
That is why new "home" devices in many cases use help from
an internet server that handles the IP addresses and ports.
Like TeamViewer works, it works client-to-client without any
port forwarding at any end (both can be behind NAT routers).

>
>>
>> Today, that is solved by having the device announcing itself
>> to some publicly available server where the user from the
>> "outside" can get the IP and port to access the device.
>> Like TeamViewer does today.
>>
>> I guess there will be similar solutions using IPv6 also,
>> since that is much easier to use for non-tech people.
>> You never see or have to know any IP addresses at all.
>
> You will not use IP addresses, more likely DNS names.

Doesn't make any difference, if you haven't "opened" your
router for the traffic a domain name will not get you
anywhere.


>
>>
>>
>>
>>>
>>> With IPv4 you have to route a port number on the WAN port of your
>>> router to
>>> an IPv4 address and port on the LAN. (port forwarding)
>>>
>>> No real difference.
>>
>
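
The policy discussed in this thread (inbound IPv6 blocked by default, with one explicit opening for a LAN address *and* port), written as an nftables ruleset. This is an added example, not part of the original message and not the configuration of any router named here; the interface names, the 2001:db8::/32 documentation address and port 443 are assumptions.

```nft
#!/usr/sbin/nft -f
# Constructed example: interface names, host address and port are placeholders.
define WAN = "wan0"
define LAN = "lan0"
define DEVICE = 2001:db8:1::50    # home security device (documentation prefix)

table ip6 ce_router {
    chain forward {
        # Nothing is forwarded unless a rule below accepts it.
        type filter hook forward priority 0; policy drop;

        # Return traffic for connections that were opened from the LAN.
        ct state established,related accept
        ct state invalid drop

        # LAN hosts may open connections to the internet.
        iifname $LAN oifname $WAN accept

        # ICMPv6 errors that must reach LAN hosts (path MTU discovery etc.).
        iifname $WAN icmpv6 type { destination-unreachable, packet-too-big,
                                   time-exceeded, parameter-problem } accept

        # The single explicit opening: one global address and one port.
        # This is the IPv6 counterpart of an IPv4 port-forwarding entry,
        # except that no address translation takes place.
        iifname $WAN oifname $LAN ip6 daddr $DEVICE tcp dport 443 ct state new accept
    }
}
```

Without the last rule, a DNS name pointing at the device's global address still resolves, but the first packet of the connection hits the chain's drop policy.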
