On 09/08/2016 03:15 PM, John Andersen wrote:
On 9/8/2016 11:34 AM, gumb wrote:
Does that mean that IPv6 solves all these woes, or does it still have to work around some of them for backwards compatibility?
With all due respect, Gumb, stay on task here and don't try to rebuild the world in a day.
+1
Moving to a full ipv6 with no-router and no firewall, and no nat is like buying a new engine to avoid having to change oil.
+1 LOL!
There are a lot of pitfalls between along the way, and suddenly every machine must be configured with a proper firewall. That's all fine and good if everything is something you can control like Linux, but printers and smartphones and windows machines, and tablets, and IOT gadgets all become YOUR Problem. (Because BLAME attaches to he who touches it LAST).
That's a scary proposition for those of us who have been networking using a variety of technologies, protocols and addressing schemes for decades. it's all very well my saying that there will be tools to do bulk operations, but the IoT world has shown little consistency of interface and management protocols. Its going to be a lot of individual step-and-repeat with a lot of exceptions and special cases.
You don't even know if your router can be a firewall without also being a NAT. I'm guessing not.
That model, I'm pretty sure not. The one I've just acquired, well, yes, its "multimode", NAT and a couple of different forms of pass-though, ipv4 and ipv6 and has a separate management channel. YMMV.
Rest comfortably behind your NAT/Firewall for now. Wait till your skills and understanding builds up over time. Use what you have.
+1
There is noting wrong with your router, it works just about like any other router.
That is why (a) there are so many vendors producing pretty much the same thing, and (b) that makes it competitive and cheap so brings about (a).
You don't need a direct connection to every machine behind the router, because getting an ssh connection to one means you are one command away from a ssh connection to EACH of the others. You can ssh from one to the other easily with the proper passwords.
Or certificates. That's why you should make all the SSHD servers on all the machines 'standard', use port 22, and leave the outside mapping, for example port 2222 on the Big-I Internet facing side to the NAT'ing router. You start plating mumbly-peg with settings and you (a) might forget and (b) you'll have to "translate in your head" when communicating with others, reading standard papers and books. KISS. -- A: Yes. > Q: Are you sure? >> A: Because it reverses the logical flow of conversation. >>> Q: Why is top posting frowned upon? -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org