On 06/28/2011 06:49 PM, Jim Flanagan pecked at the keyboard and wrote:
On 6/28/11 5:11 PM, James Knott wrote:
Jim Flanagan wrote:
OK, but what about something like we have now where we have one or more internal computers or devices connected to and protected from outside by our router, but that does have access to the internet for email, browsing, patching, upgrading etc.? Basically a firewall that protects internal computers, and even prevents them from being known or exposed to the internet? How will this be handled by IPv6?
If a device needs to access the internet, it'll need a public address. Hiding behind NAT does nothing that a properly configured firewall can't do. You'd configure the firewall to allow access only to what you want to be available and block everything else, just like with IPv4. Also, NAT breaks a lot of things.
OK, so each device that needs internet access will need/have a separate unique public address? I guess we'll get a block of these from our ISPs?
Probably at a cost. I don't know of any business now a days that doesn't charge extra for every little thing.
BTW, my firewall and some commercial firewall/routers runs Linux. My firewall is configured only to allow specific services, such as SSH, VPN and IMAPS. With NAT on IPv4, I forward to the appropriate computer behind the firewall, with IPv6, you'd simply allow that specific address & port combination.
Ok so here, my IMAP machine for example will have its own public IP address, and my firewall will allow IMAP traffic to that IP address?
I have flashed my router to a linux version of firmware, so it is IPv6 capable. I've notice just in the last week or so my ISP is showing and IPv6 address along with my IPv4 address. However for some reason I beleive that is a tunneled address at the moment, but I'm not there to check it right now.
Jim F
-- Ken Schneider SuSe since Version 5.2, June 1998 -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org