[Info-vax] implementing IPv6 on the internet

Dirk Munk munk at home.nl
Wed Sep 21 12:50:14 EDT 2016


David Froble wrote:
> Dirk Munk wrote:
>> Chris wrote:
>>> On 09/21/16 12:00, Richard Levitte wrote:
>>>
>>>>
>>>> No.  NAT was never designed for network security, but
>>>> can be used as a cheap'n'dirty piece of shit firewall.
>>>>
>>>> With IPv6, you'll have to do firewalling for real.
>>>>
>>>> Cheers,
>>>> Richard
>>>
>>> Just another opinion and whatever it was originally designed for,
>>> it's turned out to be quite a sound and cost effective solution
>>> to the problem.
>>>
>>> With IPV6, just what is meant by "firewalling for real" ?...
>>>
>>> Regards,
>>>
>>> Chris
>>>
>>>
>>
>> I've explained that already. By default IPv6 access from the internet
>> is blocked on a CE router.
>>
>> If you want to allow access to an IPv6 device on your LAN, you have to
>> configure on your router access to that IPv6 address *and* to the
>> appropriate ports.
>>
>> With IPv4 you have to route a port number on the WAN port of your
>> router to an IPv4 address and port on the LAN. (port forwarding)
>>
>> No real difference.
>
> I'm not anti-IPv6, just as I'm not anti-quadword.  But from a practical
> perspective, I have to ask, how many people, organizations, etc., behind
> an IPv4 NAT router really need the extended address space.  Right now, as
> you state, you can forward any ports to any device on today's NAT
> routers.  So, what's the rush, for this issue anyway, for IPv6?

There are no more IPv4 addresses available on the internet. The internet 
can only expand with IPv6. If you want to connect to such a server, you 
will need IPv6.

You don't want to use dual stack for a long time, so the sooner we can 
say goodbye to IPv4, the better.

>
> Now, where I do see a problem, and IPv6 will not address it if I
> understand it correctly, is that if some device can be accessed from
> outside, and it's not so secure, it's inside your router and can get at
> the rest of the devices on the internal network.

No, you can't get to the rest of the devices. You can only get to the 
devices that you have enabled on your router. Besides that, there are 
more than 4 billion x 4 billion possible addresses on one subnet.
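
An added example, not part of the original message: a small Python model of the inbound IPv6 policy described in this thread, where everything from the internet is dropped unless the router has been configured with both the destination address and the port. The class name, the addresses (taken from the 2001:db8::/32 documentation prefix) and the ports are constructed for illustration.

```python
import ipaddress

# Constructed sample LAN: one /64 from the IPv6 documentation prefix.
LAN = ipaddress.ip_network("2001:db8:1:1::/64")

class InboundFilter:
    """Default-deny WAN-to-LAN filter with per-address, per-port pinholes."""

    def __init__(self, lan):
        self.lan = lan
        self.pinholes = set()   # (dst address, protocol, dst port)
        self.flows = set()      # flows that were started from the LAN

    def allow(self, addr, proto, port):
        """Open one address *and* one port, as configured on the router."""
        addr = ipaddress.ip_address(addr)
        if addr not in self.lan:
            raise ValueError(f"{addr} is not on {self.lan}")
        self.pinholes.add((addr, proto, port))

    def outbound(self, src, sport, dst, dport, proto):
        """Record a LAN-initiated flow so its replies are let back in."""
        self.flows.add((ipaddress.ip_address(src), sport,
                        ipaddress.ip_address(dst), dport, proto))

    def inbound(self, src, sport, dst, dport, proto):
        """Return 'accept' or 'drop' for a packet arriving from the WAN."""
        src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        if (dst, dport, src, sport, proto) in self.flows:
            return "accept"     # reply to a flow the LAN host started
        if (dst, proto, dport) in self.pinholes:
            return "accept"     # explicitly opened address and port
        return "drop"           # everything else: default deny

def demo():
    fw = InboundFilter(LAN)
    web, nas = "2001:db8:1:1::80", "2001:db8:1:1::50"
    fw.allow(web, "tcp", 443)
    fw.outbound(nas, 51000, "2001:db8:ffff::1", 443, "tcp")
    remote = "2001:db8:ffff::9"
    return [
        fw.inbound(remote, 40000, web, 443, "tcp"),   # opened address+port
        fw.inbound(remote, 40000, web, 22, "tcp"),    # same host, other port
        fw.inbound(remote, 40000, nas, 443, "tcp"),   # host with no pinhole
        fw.inbound("2001:db8:ffff::1", 443, nas, 51000, "tcp"),  # reply
    ]
```

The model only judges packets that cross the router from the WAN side; traffic between two hosts on the same LAN never passes through it.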



