On Mon, 2006-05-29 at 13:21 +0200, Joachim Schrod wrote:
> I don't understand what "UNIX attitude" you mean. That I want to use human-readable service host names in my applications and expect that they are mapped transparently to IP addresses (and that it's irrelevant if these are v4 or v6 addresses)? (For the record, I do so, as do most of my customers.)

And then IPv6 is 100% the same as IPv4. Even the /etc/hosts file. ;->

> If that is an adequate summary of the "UNIX attitude", do you think that's bad or that's good?

All NOSes require network name resolution. The legacy Novell-Windows world has been broadcast (even if only an option or default now). UNIX has always required passive. That means either local host entries, DNS server, etc...

> If you think that the "attitude to have name resolution" is bad,

No -- the key is recognizing that name resolution is _always_ required! UNIX is just passive in its design ... _always_. ;->

> how do you expect people (e.g., users in their browsers or system administrators in configuration files) to address services in an IPv6 network? With IPv6 addresses?

First off, it's the same as IPv4, NAT/PAT. But that aside ... the "root cause" isn't IPv6. It's that the applications are waiting to "time out" on IPv6 name resolution. So, secondly, using internal DNS proxy servers solves the problem nicely. You need to _address_ that timeout. If you do, no problem.

> Would you please supply a URL to a free firewall solution for Linux that does stateful firewalling for IPv6? ip6tables doesn't support this, according to the netfilter homepage. And Checkpoint VPN-1 is a tad too expensive for many SOHO companies and for private use... TIA for answers, especially for a firewall solution,

Again, you don't have to at the NAT/PAT. It's the IPv6 name resolution that is the root cause. Address the timeout on your internal DNS proxy, and the problem is solved!

> Joachim
>
> PS: You don't need to explain to me what IPv6 is; I plan its implementation in companies and know about it by heart. But your enthusiastic fanboyism for it doesn't match the experiences from my deployment projects.

It's a lot easier to deal with than 1:1 IPv4 NAT. ;->

--
Bryan J. Smith   Professional, technical annoyance
mailto:b.j.smith@ieee.org   http://thebs413.blogspot.com
-----------------------------------------------------------
Americans don't get upset because citizens in some foreign
nations can burn the American flag -- Americans get upset
because citizens in those same nations can't burn their own