[olug] Ipv6 help/pointers

Justin Reiners justin at hotlinesinc.com
Thu Jul 25 17:55:43 UTC 2013


I am seeing about 9% of site visits over IPv6, mostly due to Verizon
Wireless and their 100% IPv6 network.



On Thu, Jul 25, 2013 at 12:31 PM, DYNATRON tech <dynatron at gmail.com> wrote:

> the NAT issue is the reason i disable IPV6 on everything. i may be
> paranoid or ignorant, but it seems to me that IPV6 creates many
> problems from a security standpoint. for 10 years i've been hearing
> about how the world will run out of IP addresses soon, and for 10
> years, it hasn't happened yet...thanks to NAT.
>
> i can see some situations where IPV6 could be useful, but i'm going to
> disable it until my ISP refuses to give me an IPV4 public address.
>
> On 7/24/13, Lou Duchez <lou at paprikash.com> wrote:
> > On 7/24/2013 5:50 PM, Obi-Wan wrote:
> >> On 07/24/2013 04:27 PM, Lou Duchez wrote:
> >>> IPv6:
> >>> your ISP won't be providing an IP address so much as a 64-bit network
> >>> space
> >>> router will not perform NAT -- 128-bit addresses contain enough
> >>> information to be routable on both the private and public sides
> >>> router will still perform most of its usual functions -- gateway,
> >>> firewall, etc -- it just won't need NAT to perform them
> >>
> >> So does this mean that IPv6 CAN'T do NAT, even if you wanted to for
> >> security obfuscation?  I'd really rather the rest of the world not
> >> know anything about the internals of my home network.
> >>
> > As far as I know, IPv6 simply does not allow for NAT.  I can even
> > "prove" it with Linux documentation:
> >
> > http://linux.die.net/man/8/ip6tables
> >
> > There are "filter" and "mangle" tables like in iptables, but not "nat";
> > and the "masquerade" target no longer exists.
> >
> > I know what you mean about security concerns; I was pretty comfortable
> > with the idea that it is physically impossible for traffic to get routed
> > to some of the machines on my LAN.  Now it's not physically impossible,
> > I just have to create a rule to prevent it ... that is a little less
> > comforting.
> >
> > I also get the feeling, but I can't prove it, that ISPs are going to be
> > dishing out static IPs (or rather static /64s) to all customers, rather
> > than have a DHCP pool.  Since NAT will no longer be happening, just
> > imagine the chaos if restarting your router meant getting a new /64:
> > every device on your LAN would need to pick up that new /64, and you
> > wouldn't be able to give your network printer a static IP any longer.
> > (Actually you could -- there are classes of unroutable IPs -- but I'm
> > guessing they're not going to be the typical solution.)
> >
> > And you know what else you won't be able to do?  Set up a network with
> > two disparate gateways.
> >
> > All of which makes me think that some form of NAT will eventually get
> > built into IPv6.
> >
> >
> > _______________________________________________
> > OLUG mailing list
> > OLUG at olug.org
> > https://lists.olug.org/mailman/listinfo/olug
> >



-- 
*Justin Reiners*
Hotlines Technical Solutions Engineer.
Phone: 800.807.2967
www.PartsHotlines.com
www.MrCycleParts.com
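
The quoted thread's point that, without NAT, blocking unsolicited inbound traffic to LAN hosts becomes a matter of firewall rules can be shown as a stateful default-deny ip6tables ruleset plus a heuristic audit of the FORWARD chain. This is an added example, not part of the original messages; the interface names (eth0 as WAN, eth1 as LAN) and the function names gen_ruleset and audit_forward are assumptions.

```shell
#!/bin/sh
# Added example. Interface names are assumptions; pass your own.
# Apply on a router with: gen_ruleset eth0 eth1 | ip6tables-restore

# Emit an ip6tables-restore ruleset: LAN hosts may open connections out,
# nothing unsolicited is forwarded in (the property NAT gave as a side effect).
gen_ruleset() {
    wan="${1:-eth0}"   # assumed upstream interface
    lan="${2:-eth1}"   # assumed LAN interface
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p ipv6-icmp -j ACCEPT
-A INPUT -i $wan -s fe80::/10 -p udp --dport 546 -j ACCEPT
-A INPUT -i $lan -j ACCEPT
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $lan -o $wan -j ACCEPT
COMMIT
EOF
}

# Heuristic audit of ip6tables-save output read from stdin.
# Returns 0 only if the FORWARD policy is DROP and no FORWARD ACCEPT rule
# lets new traffic in from the WAN interface (a rule with no -i match, or
# one matching -i <wan>, that is not limited to ESTABLISHED/RELATED state).
audit_forward() {
    awk -v wan="$1" '
        /^:FORWARD / { policy = $2 }
        /^-A FORWARD / && /-j ACCEPT/ {
            stateful = ($0 ~ /--ctstate/ && $0 !~ /NEW/)
            from_wan = (index($0 " ", "-i " wan " ") > 0 || $0 !~ / -i /)
            if (from_wan && !stateful) bad = 1
        }
        END { exit !(policy == "DROP" && !bad) }'
}
```

Running `ip6tables-save | audit_forward eth0` on a live router gives a quick check that the forwarding policy still denies unsolicited inbound traffic after rule changes.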


