[GRLUG] IPv6: My views
Adam Tauno Williams
awilliam at whitemice.org
Fri Jun 8 16:15:24 EDT 2012
On Fri, 2012-06-08 at 16:02 -0400, detrix42 at gmail.com wrote:
> Hello everyone. About three months ago I looked around to see if there
> were any IPv6 ready home routers. Did not see any, until about a
> month ago. At Target, the one I got (not the top of the line model)
> was under $100. A Linksys wireless/wired router.
> Because every device on this planet can now have its own IP address,
> there is no NAT. Which is a small security issue.
No, it is *NOT* a security issue. It is *NOT* a security issue. NAT is
*NOT* a security provision - it is an ugly runty grimy hack to work
around a much too small address space. NAT is *NOT* *NOT* *NOT* a
security provision. Network security is provided by firewalls.
If you believe NAT is a security provision then you do not understand
network security.
> This will require one to actually implement a real firewall on their
> computer.
All of which already have one - and THAT FIREWALL is what is protecting
you *TODAY* using IPv4. This has nothing to do with IPv6.
> Thanks to the Linux community there is a very easy to use firewall
> called "ufw" and comes with Ubuntu. (I use Linux Mint right now, so I
> assume the other flavors of Ubuntu also come with ufw.) The graphical
> front which will need to be installed, is "gufw" ( You could have guessed
> that, right ). The old firewall called "firestarter" has not been
> updated in a long time and is not IPv6 ready.
iptables supports IPv6 and has for some time.
Take a look at fwbuilder
<http://www.fwbuilder.org/>
> Besides needing an IPv6 home router, your ISP also needs to be IPv6
> compliant.
Yes, sadly true.
> If it is, your router will be given an IPv6 64bit prefix. IPv6
> addresses are 128bit.
True.
> The other 64bits are randomly chosen by your home router.
Maybe, not really.
> As far as I understand, these 64bits don't have to be random.
Correct.
> They can be anything you want. For example:
> My prefix: 2606:100:cf42:1897
> So for my main computer at home I use an address such as:
> 2606:100:cf42:1897::1 Just need to remember the prefix, which is
> daunting
> 2606:100:cf42:1897::2 for my other desktop
> 2606:100:cf42:1897::1:1 for my wife's netboot (wifi)
Yep.
> For those who don't know the :: just means there are zeros in between.
Yep.
> If you have any questions please ask, but I am not an expert, I have
> only been looking into this for about a month.
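
The point argued in the reply above (a stateful firewall, not NAT, is what drops unsolicited inbound traffic), as an added example that is not part of the original thread: a shell function that prints a minimal default-deny inbound ruleset for a single IPv6 host in ip6tables-restore format. The function name `ipv6_host_ruleset` and its port arguments are assumptions made for illustration; the script only prints rules and applies nothing.

```shell
#!/bin/sh
# Added example, not from the thread. ipv6_host_ruleset is a hypothetical helper:
# arguments are the TCP ports to accept inbound (none = no listening services).
ipv6_host_ruleset() {
    # Validate first so a bad argument never yields a partial ruleset.
    for p in "$@"; do
        case "$p" in
            ''|*[!0-9]*) echo "bad port: $p" >&2; return 1 ;;
        esac
        [ "$p" -ge 1 ] && [ "$p" -le 65535 ] || { echo "bad port: $p" >&2; return 1; }
    done
    # Default-deny inbound. The ESTABLISHED,RELATED rule lets replies to
    # outbound connections back in, which is the only "protection" NAT
    # ever gave as a side effect.
    cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID -j DROP
EOF
    # ICMPv6 errors: 1 unreachable, 2 packet too big (path MTU discovery),
    # 3 time exceeded, 4 parameter problem. Dropping these breaks IPv6.
    for t in 1 2 3 4; do
        echo "-A INPUT -p ipv6-icmp --icmpv6-type $t -j ACCEPT"
    done
    # Neighbor discovery a host must receive: 134 router advertisement,
    # 135/136 neighbor solicitation/advertisement. Hop limit 255 = on-link only.
    for t in 134 135 136; do
        echo "-A INPUT -p ipv6-icmp --icmpv6-type $t -m hl --hl-eq 255 -j ACCEPT"
    done
    # DHCPv6 replies to the client port, from link-local sources only.
    echo "-A INPUT -p udp -s fe80::/10 --dport 546 -j ACCEPT"
    # Explicitly opened services, new connections only.
    for p in "$@"; do
        echo "-A INPUT -p tcp --dport $p -m conntrack --ctstate NEW -j ACCEPT"
    done
    echo "COMMIT"
}

# Print the ruleset for the ports given on the command line (none by default).
ipv6_host_ruleset "$@"
```

Review the printed rules before loading them; on a real host the output would be fed to `ip6tables-restore` as root.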