Mailinglist Archive: opensuse (933 mails)

< Previous Next >
Re: [opensuse] IPv6 firewall
  • From: James Knott <james.knott@xxxxxxxxxx>
  • Date: Sun, 06 Jun 2010 07:10:59 -0400
  • Message-id: <4C0B8243.9050509@xxxxxxxxxx>
Per Jessen wrote:
James Knott wrote:

Per Jessen wrote:
Does it matter a lot for the coffeeshops - don't they just use an
RFC1918 network NAT'ed to a single IP from their provider?
We've already reached the point where many web sites are available
only via IPv6. This is mainly in Asia, where they do not have enough
IPv4 addresses to go around. That day is fast approaching for North
America.
Well, I didn't realize it was getting so close - I have not yet seen/met
any IPv6 only sites or servers.

ipv6.google.com

However, as I mentioned, there are plenty in Asia, where they don't have enough IPv4
Also, NAT is at best a bad hack to extend IPv4.
Well, maybe that is matter of opinion, but I would say that NAT is a
very useful mechanism for connecting RFC1918 networks with the outside
world.

I didn't say it wasn't useful. It was developed as a method to extend the life of IPv4, providing local addresses that don't get routed over the internet (contrary to popular belief, those RFC1918 addresses route just fine, but are supposed to be blocked from the public internet). IPv6 provides something similar with the link-local addresses, which start with "fe80". As I recall one popular protocol, that got broken, is ftp. You had to run it in passive mode to get it to work with NAT. Browsers do that, but not all command line versions do. Peer - peer also has issues in that you have to specifically configure the NAT/router to pass it to one computer. Same with running a server. On the other hand, as soon as I set up my subnet, all my IPv6 capable computers were automagically available on the public IPv6 internet.


--
To unsubscribe, e-mail: opensuse+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse+help@xxxxxxxxxxxx

< Previous Next >
Follow Ups