[GRLUG] IPv6: My views

Jason Villalta jason at rubixnet.com
Fri Jun 8 16:29:17 EDT 2012


Check out Astaro.

You can get a home license for free and setup an IPv6 tunnel from the
firewall to the IPv6 internet.  This allows you to use IPv6 natively on
your local network and route directly to the IPv6 internet.  If you use an
IPv6 compliant internet dns server you will resolve IPv6 addresses for the
sites that support.  If you are crazy and go fully native just be ready for
some sites not to work if you give up on IPv4 completely.
http://tunnelbroker.net/

As for NAT.  I understand what you are saying but get over it.  Thousands
of companies rely on DNAT to prevent their machines from being directly
accessed on the internet.  Is it ideal no, is it reality yes.  I would say
it is a technical boundary that can not be crossed with out intervention
like a deny any any. So secure yes.


On Friday, June 8, 2012, Adam Tauno Williams wrote:

> On Fri, 2012-06-08 at 16:02 -0400, detrix42 at gmail.com <javascript:;>wrote:
> > Hello everyone.  About three months ago I look around to see if there
> > were any IPv6 ready home routers.  Did not see any, until about a
> > month ago.  At Target, the one I got (not the top of the line model)
> > was under $100. A Linksys wireless/wired router.
> > Because every device on this planet can now have its own IP address,
> > there is no NAT.  Which is a small security issue.
>
> No, it is *NOT* a security issue.  It is *NOT* a security issue.  NAT is
> *NOT* a security provision - it is an ugly runty grimy hack to work
> around a much too small address space.  NAT is *NOT* *NOT* *NOT* a
> security provision.   Network security is provided by firewalls.
>
> If you believe NAT is a security provision then you do not understand
> network security.
>
> > This will require one to actually implement a real firewall on their
> > computer.
>
> All of which already have one - and THAT FIREWALL is what is protecting
> you *TODAY* using IPv4.  This has nothing to do with IPv6.
>
> > Thanks to the Linux community there is a very easy to use firewall
> > called "ufw" and comes with ubuntu. (I use Linux Mint right now, so I
> > assume the other flavors of Ubuntu also come with ufw.)  The graphical
> > front which will need to be install, is "gufw" ( You could have guess
> > that, right ).  The old firewall called "firestarted" has not been
> > updated in a long time and is not IPv6 ready.
>
> iptables supports IPv6 and has for sometime.
>
> Take a look at fwbuilder
> <http://www.fwbuilder.org/>
>
> > Besides needing a IPv6 home router, your ISP also needs be be IPv6
> > compliant.
>
> Yes, sadly true.
>
> >   If it is, your router will  be given an IPv6 64bit prefix.  IPv6
> > addresses are 128bit.
>
> True.
>
> > The other 64bits are randomly chosen by your home router.
>
> Maybe, not really.
>
> >   As far as I understand, these 64bits don't have to be random.
>
> Correct.
>
> >   They can be anything you want.  For example:
> > My prefix: 2606:100:cf42:1897
> > So for my main computer at home I use an address such as:
> > 2606:100:cf42:1897::1      Just need to remember the prefix, which is
> > daunting
> > 2606:100:cf42:1897::2      for my other desktop
> > 2606:100:cf42:1897::1:1   for my wifes netboot (wifi)
>
> Yep.
>
> > For those who don't know the :: just means there are zeros in between.
>
> Yep.
>
> > If you have any questions please ask, but I am not an expert, I have
> > only been looking in to this for about a month.
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://shinobu.grlug.org/pipermail/grlug/attachments/20120608/2a046109/attachment.html>


More information about the grlug mailing list