[Info-vax] implementing IPv6 on the internet

Richard Levitte richard at levitte.org
Wed Sep 21 12:27:04 EDT 2016


Den onsdag 21 september 2016 kl. 18:21:08 UTC+2 skrev Dirk Munk:
> Richard Levitte wrote:
> > Den onsdag 21 september 2016 kl. 14:28:20 UTC+2 skrev Dirk Munk:
> >> Chris wrote:
> >>> On 09/21/16 12:00, Richard Levitte wrote:
> >>>
> >>>>
> >>>> No.  NAT was never designed for network security, but
> >>> can be used as a cheap'n'dirty piece of shit firewall.
> >>>>
> >>>> With IPv6, you'll have to do firewalling for real.
> >>>>
> >>>> Cheers,
> >>>> Richard
> >>>
> >>> Just another opinion and whatever it was originally designed for,
> >>> it's turned out to be quite a sound and cost effective solution
> >>> to the problem.
> >>>
> >>> With IPV6, just what is meant by "firewalling for real" ?...
> >>>
> >>> Regards,
> >>>
> >>> Chris
> >>>
> >>>
> >>
> >> I've explained that already. By default IPv6 access from the internet is
> >> blocked on a CE router.
> >>
> >> If you want to allow access to an IPv6 device on your LAN, you have to
> >> configure on your router access to that IPv6 address *and* to the
> >> appropriate ports.
> >>
> >> With IPv4 you have to route a port number on the WAN port of your router
> >> to an IPv4 address and port on the LAN. (port forwarding)
> >>
> >> No real difference.
> >
> > Except you're into a world of complication of you want to open up port 22 to every device at home...  Ah-yup, let the fun begin.
> >
> 
> No. it is very simple, far more simple then with IPv4.

Yes, that's what I was talking about.  Sorry for being unclear.

> IPV6-address-1 open port 22
> IPV6-address-2 open port 22
> IPV6-address-3 open port 22
> IPV6-address-4 open port 22
> IPV6-address-5 open port 22
> 
> Ready.

Yup.

Cheers,
Richard



More information about the Info-vax mailing list