[Info-vax] implementing IPv6 on the internet
David Froble
davef at tsoft-inc.com
Wed Sep 21 12:31:11 EDT 2016
Dirk Munk wrote:
> Chris wrote:
>> On 09/21/16 12:00, Richard Levitte wrote:
>>
>>>
>>> No. NAT was never designed for network security, but
>> can be used as a cheap'n'dirty piece of shit firewall.
>>>
>>> With IPv6, you'll have to do firewalling for real.
>>>
>>> Cheers,
>>> Richard
>>
>> Just another opinion and whatever it was originally designed for,
>> it's turned out to be quite a sound and cost effective solution
>> to the problem.
>>
>> With IPV6, just what is meant by "firewalling for real" ?...
>>
>> Regards,
>>
>> Chris
>>
>>
>
> I've explained that already. By default IPv6 access from the internet is
> blocked on a CE router.
>
> If you want to allow access to an IPv6 device on your LAN, you have to
> configure on your router access to that IPv6 address *and* to the
> appropriate ports.
>
> With IPv4 you have to route a port number on the WAN port of your router
> to an IPv4 address and port on the LAN. (port forwarding)
>
> No real difference.
I'm not anti-IPv6, just as I'm not anti-quadword. But from a practical
perspective, I have to ask, how many people, organizations, etc; behind a IPv4
NAT router really need the extended address space. Right now, as you state, you
can forward any ports to any device on today's NAT routers. So, what's the
rush, for this issue anyway, for IPv6?
Now, where I do see a problem, and IPv6 will not address it if I understand it
correctly, is that if some device can be accessed from outside, and it's not so
secure, it's inside your router and can get at the rest of the devices on the
internal network.
More information about the Info-vax
mailing list