Mailinglist Archive: opensuse (1826 mails)

Re: [opensuse] Moving to IPv6
  • From: James Knott <james.knott@xxxxxxxxxx>
  • Date: Thu, 09 Sep 2010 16:40:26 -0400
  • Message-id: <4C89463A.6040604@xxxxxxxxxx>
Anton Aylward wrote:
> Anders Johansson said the following on 09/09/2010 02:19 PM:
>> On Thursday 09 September 2010, Adam Tauno Williams wrote:
>>> With a firewall'd IPv6 network you just say - permit inbound :80. Done.
>>> No need to port forward 80 on the external interface to A.B.C.D:80 on
>>> some internal host. Or you can say permit inbound :80 just to
>>> A.B.C.D.E.F. And if you want to access port 80 on two machines - no
>>> problem. No need to have one be :80 and the other :81 as is required
>>> with NAT (and makes for hackish URLs).
>> Except you're not supposed to run external services on the internal LAN at
>> all, because once a flaw has been discovered, your entire LAN with all its
>> desktops and everything is wide open. A LAN should be locked down, completely,
>> totally, utterly. Saying "with IPv6 you can run services there" is simply not
>> an argument that wins any favours with me, and I hope any security conscious
>> admin agrees
> +1

Of course ssh may be handy to manage systems remotely. Of course you'd then want to use public/private keys, instead of passwords.

