Mailinglist Archive: opensuse (1826 mails)

< Previous Next >
Re: [opensuse] Moving to IPv6
  • From: Adam Tauno Williams <awilliam@xxxxxxxxxxxxx>
  • Date: Thu, 09 Sep 2010 14:08:26 -0400
  • Message-id: <1284055706.3942.66.camel@xxxxxxxxxxxxxxx>
On Thu, 2010-09-09 at 20:02 +0200, Anders Johansson wrote:
On Thursday 09 September 2010, James Knott wrote:
Using NAT, for outgoing traffic is simple. However, as soon as you want
remote access to computers behind your firewall, things get
"interesting". There is no simple way to access multiple computers with
the same protocol. You have to resort to tricks such as non-standard
ports, or, as you mentioned in another note, relaying ssh. A VPN will
work (assuming no NAT address clash), but you might not have one handy.
It might also be blocked by the local firewall.
Are you seriously suggesting that having a firewall is a problem

No, I don't read that in the above text at all.

, and that
anything less than complete, unrestricted and unauthenticated access to the
LAN is in some sense broken?

Nothing said above isn't fact.

With IPv4+NAT:
* There is no simple way to access multiple computers with the same
protocol.
* You have to resort to tricks such as non-standard ports,
* A VPN will work - assuming no NAT address clash

I agree the "It might also be blocked by the local firewall" statement
is confusing. It doesn't invalidate any of the other statements.

With a firewall'd IPv6 network you just say - permit inbound :80. Done.
No need to port forward 80 on the external interface to A.B.C.D:80 on
some internal host. Or you can say permit inbound :80 just to
A.B.C.D.E.F. And if you want to access port 80 on two machines - no
problem. No need to have one be :80 and the other :81 as is required
with NAT (and makes for hackish URLs).


--
To unsubscribe, e-mail: opensuse+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse+help@xxxxxxxxxxxx

< Previous Next >
This Thread
Follow Ups