John E. Perry wrote:
So what? I don't want to have to maintain separate external firewalls for
-my laptop -my work laptop -my wife's work laptop -my network printer (IPv4 only) -our home desktop -our 3 sons' laptops when they visit -our son's wife's laptop when she visits
I was really worried about IPv6 when this topic came up a few months ago, thinking it would make it much harder for me to maintain what I have now. But the (restricted address?) feature, that makes it possible for me to keep an internal local network, still invisible to the outside world, relieved my apprehensions in that respect.
You don't have to you'll still have a router to connect to your ISP. You'll just not have to use NAT to support multiple computers. You just configure the firewall to allow only what you want. If you want ssh to be available to all computers, done. If you want http to only one, done again. That is what a proper firewall is designed to do. You don't need NAT to provide appropriate protection.
For you, maybe, as a professional systems administrator. For me, as a simple-minded home user, it's a blessing. And only the (restricted address?) feature saves me from major problems when I have to go to IPv6.
When you set up a firewall, NAT doesn't really help much. Even with the current NAT/routers, you start with everything blocked. Then you start adding whatever you need. With NAT, it quickly becomes more complex, if you want to use the same protocol to multiple computers. That issue simply does not arise with sufficient address on either IPv4 or IPv6. As for firewalls, there'd be no practical difference between configuring a subnet for IPv4 or IPv6. There is a difference with NAT, in that it makes it more difficult.
I'm now pretty much neutral as to when v6 happens for me. But this silliness of IPv4 NAT being a Bad Thing for everyone irritates me. My router with dhcp makes NAT and firewalling Just Work for me and mine.
With IPv6, you don't even need DHCP, although it is available. IPv6 addresses are automagically configured. The router advertises the network address and the computer adds it's MAC address to create a unique IP address. There are also methods to use a random number instead of the MAC address, as I believe currently happens with newer versions of Windows. Of course, manual configuration is still available. And if you still want to use them, there are also IPv6 equivalents of the RFC1918 addresses used by NAT.
You want v6; fine. I'll have to go to it soon; fine.
-- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org