On 6/28/11 3:09 PM, James Knott wrote:
Jim Flanagan wrote:
Jim Flanagan wrote:
Every device on a public IP address? Better keep your toaster and fridge patched!
It's also possible to configure "private" IPv6 addresses that are not routable over the public internet, in a manner similar to the RFC 1918 IPv4 addresses. Of course, you can still use a firewall to allow/deny access. I was not aware of that. I understood the IPv6 addresses were designed to be non NATable. How would a private IPv6 address work
On 6/25/11 2:52 PM, James Knott wrote: thru an IPv6 router?
You're confusing private addresses with NAT. NAT uses private addresses to get around the address shortage. However, there's no reason why you couldn't have a network using private addresses, without any consideration for accessing the internet. You could also have some devices with more that one address, perhaps one one private, for talking to other local devices and a public address for talking to the rest of the world. IPv6 has 3 different private address types. There's "link local", which is non routable and starts with FE80. Every IPv6 capable device has one of these and is often used for local management, connecting to routers etc. There are also site local, which are not globally unique and unique local, which are globally unique, but are not supposed to be routed over the internet. Site local address, however, have been deprecated.
There's an excellent book from O'Reilly called "IPv6 Essentials", which covers this and much more.
OK, but what about something like we have now where we have one or more internal computers or devices connected to and protected from outside by our router, but that does have access to the internet for email, browsing, patching, upgrading etc.? Basically a firewall that protects internal computers, and even prevents them from being known or exposed to the internet? How will this be handled by IPv6? I realize the original design for IPv6 was to get back to "native" IP protocol where each device has its own unique address without all this "silly" NAT stuff. But the world has changed quite a bit and I and many others have grown accustomed to having our router be in the front line, so to speak. Good tip on the book. Will have to order it. Thanks, Jim F -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org