Mailinglist Archive: opensuse (1826 mails)

< Previous Next >
Re: [opensuse] Moving to IPv6
  • From: Anders Johansson <ajh@xxxxxxxx>
  • Date: Thu, 9 Sep 2010 20:19:02 +0200
  • Message-id: <201009092019.02705.ajh@xxxxxxxx>
On Thursday 09 September 2010, Adam Tauno Williams wrote:
With a firewall'd IPv6 network you just say - permit inbound :80. Done.
No need to port forward 80 on the external interface to A.B.C.D:80 on
some internal host. Or you can say permit inbound :80 just to
A.B.C.D.E.F. And if you want to access port 80 on two machines - no
problem. No need to have one be :80 and the other :81 as is required
with NAT (and makes for hackish URLs).

Except you're not supposed to run external services on the internal LAN at
all, because once a flaw has been discovered, your entire LAN with all its
desktops and everything is wide open. A LAN should be locked down, completely,
totally, utterly. Saying "with IPv6 you can run services there" is simply not
an argument that wins any favours with me, and I hope any security conscious
admin agrees

Anders
--
To unsubscribe, e-mail: opensuse+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse+help@xxxxxxxxxxxx

< Previous Next >
This Thread
Follow Ups