[GRLUG] IPv6: My views

Adam Tauno Williams awilliam at whitemice.org
Fri Jun 8 16:15:24 EDT 2012


On Fri, 2012-06-08 at 16:02 -0400, detrix42 at gmail.com wrote:
> Hello everyone.  About three months ago I looked around to see if there
> were any IPv6 ready home routers.  Did not see any, until about a
> month ago.  At Target, the one I got (not the top of the line model)
> was under $100. A Linksys wireless/wired router. 
> Because every device on this planet can now have its own IP address,
> there is no NAT.  Which is a small security issue. 

No, it is *NOT* a security issue.  It is *NOT* a security issue.  NAT is
*NOT* a security provision - it is an ugly runty grimy hack to work
around a much too small address space.  NAT is *NOT* *NOT* *NOT* a
security provision.   Network security is provided by firewalls.

If you believe NAT is a security provision then you do not understand
network security.

> This will require one to actually implement a real firewall on their
> computer. 

All of which already have one - and THAT FIREWALL is what is protecting
you *TODAY* using IPv4.  This has nothing to do with IPv6.

> Thanks to the Linux community there is a very easy to use firewall
> called "ufw", and it comes with Ubuntu. (I use Linux Mint right now, so I
> assume the other flavors of Ubuntu also come with ufw.)  The graphical
> front end, which will need to be installed, is "gufw" (you could have
> guessed that, right).  The old firewall called "firestarter" has not been
> updated in a long time and is not IPv6 ready.

iptables supports IPv6 and has for some time.

Take a look at fwbuilder
<http://www.fwbuilder.org/>

> Besides needing an IPv6 home router, your ISP also needs to be IPv6
> compliant.

Yes, sadly true.

>   If it is, your router will be given an IPv6 64-bit prefix.  IPv6
> addresses are 128-bit.

True.

> The other 64 bits are randomly chosen by your home router.

Maybe, not really.

>   As far as I understand, these 64 bits don't have to be random.

Correct.

>   They can be anything you want.  For example:
> My prefix: 2606:100:cf42:1897
> So for my main computer at home I use an address such as:
> 2606:100:cf42:1897::1      Just need to remember the prefix, which is
> daunting
> 2606:100:cf42:1897::2      for my other desktop
> 2606:100:cf42:1897::1:1   for my wife's netbook (wifi)

Yep.

> For those who don't know the :: just means there are zeros in between.

Yep.

> If you have any questions please ask, but I am not an expert, I have
> only been looking into this for about a month.
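
The point argued in the reply above, that filtering rather than address translation is what keeps unsolicited inbound traffic out, shown as an added example that is not part of the original thread: a shell function that prints a stateful, default-deny ip6tables-restore ruleset for a router with no NAT. The interface names (eth0, br0) and the DHCPv6 prefix-delegation rule are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Prints an ip6tables-restore ruleset
# for a router that forwards global IPv6 addresses with no NAT.
# Interface names are assumptions; pass your own as $1 (WAN) and $2 (LAN).

emit_ruleset() {
    wan_if="$1"
    lan_if="$2"
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# --- traffic addressed to the router itself ---
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Neighbour and router discovery; hop limit 255 means the packet
# did not cross a router, so it really came from the local link.
-A INPUT -p ipv6-icmp --icmpv6-type router-solicitation -m hl --hl-eq 255 -j ACCEPT
-A INPUT -p ipv6-icmp --icmpv6-type router-advertisement -m hl --hl-eq 255 -j ACCEPT
-A INPUT -p ipv6-icmp --icmpv6-type neighbour-solicitation -m hl --hl-eq 255 -j ACCEPT
-A INPUT -p ipv6-icmp --icmpv6-type neighbour-advertisement -m hl --hl-eq 255 -j ACCEPT
-A INPUT -p ipv6-icmp --icmpv6-type packet-too-big -j ACCEPT
-A INPUT -p ipv6-icmp --icmpv6-type echo-request -m limit --limit 5/second -j ACCEPT
# Assumption: the ISP delegates the prefix over DHCPv6 (client port 546).
-A INPUT -i $wan_if -s fe80::/10 -p udp --dport 546 -j ACCEPT
# --- traffic routed between LAN and Internet ---
# Replies to connections opened from inside (ICMPv6 errors count as RELATED).
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -m conntrack --ctstate INVALID -j DROP
# New connections may only start on the LAN side. Anything new arriving
# from the WAN falls through to the DROP policy; no translation is involved.
-A FORWARD -i $lan_if -o $wan_if -j ACCEPT
COMMIT
EOF
}

# Stand-alone use: print the ruleset for the given (or assumed) interfaces.
emit_ruleset "${1:-eth0}" "${2:-br0}"
```

Pipe the output through `ip6tables-restore --test` to confirm it parses before loading it.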
