On 4/28/23 14:40, James Knott wrote:
On 2023-04-28 17:37, Lew Wolfgang wrote:
I agree with Carlos, I don't want public access to my innards.
That's what firewalls are for. For example, I allow only OpenVPN through mine.
Exactly, and I use the firewall to protect my internal subnets from each other. My WiFi subnet is separate from my IOT subnet which is separate from my main subnet. If I had a public web server (I used to) it would be on the DMZ subnet. How do you do that with a /64?
I was unable to segment that /64 to separate physical interfaces on the router. /66 wouldn't work, for example.
You're not supposed to. LANs are supposed to be /64. If not, things like SLAAC break. If you only get a /64 the problem is with your ISP.
That is the problem, there are no alternatives here. Which again begs the question: why? I'm fine and secure now, why upset the apple cart and risk my boring life? What will IPv6 bring to my environment that I don't already have? Regards, Lew