| 1 |
On Fri, Jan 20, 2012 at 6:07 AM, Tanstaafl <tanstaafl@×××××××××××.org> wrote: |
| 2 |
> On 2012-01-19 5:32 PM, Mick <michaelkintzios@×××××.com> wrote: |
| 3 |
>> |
| 4 |
>> On Thursday 19 Jan 2012 15:48:32 Michael Mol wrote: |
| 5 |
>>> |
| 6 |
>>> On Thu, Jan 19, 2012 at 10:37 AM, Tanstaafl<tanstaafl@×××××××××××.org> |
| 7 |
>>> wrote: |
| 8 |
>>>> |
| 9 |
>>>> I have a reasonable grasp of how to use IP addresses etc with IPv4, but |
| 10 |
>>>> every time I start rading about IPv6 I get a headache... |
| 11 |
>>>> |
| 12 |
>>>> Does anyone know of a decent tutorial written specifically to those who |
| 13 |
>>>> have an ok (but not hugely in-depth) understanding of IPv4, and doesn't |
| 14 |
>>>> get bogged down in too many technical details, but simply explains what |
| 15 |
>>>> you need to know to be able to transition to it and use it effectively |
| 16 |
>>>> *and securely* - and/or how *not* to have to expose your entire private |
| 17 |
>>>> network to the world (what IPv4 NAT protects you from)? |
| 18 |
> |
| 19 |
> |
| 20 |
>>> I've been doing IPv6 presentations at LUGs and tech cons, and I'm |
| 21 |
>>> getting scheduled for a few IPv6 topics at Penguicon...but I'm pretty |
| 22 |
>>> sure I'm also not the most knowledgeable on this list wrt IPv6, |
| 23 |
>>> either. Still, what would you like to know? (I can use your questions |
| 24 |
>>> as fodder and experience for future presentations. ^^) |
| 25 |
> |
| 26 |
> |
| 27 |
>> Now that IPv6 is enabled by default on Linux, is one meant to duplicate |
| 28 |
>> all |
| 29 |
>> the IPv4 iptable rules also for IPv6? I'm using arno ip tables and from |
| 30 |
>> what |
| 31 |
>> I saw in the config file it is either 4 or 6 that one can activate. |
| 32 |
>> Perhaps |
| 33 |
>> this has improved with later versions. |
| 34 |
> |
| 35 |
> |
| 36 |
> That was the very first question (and headache) I got from looking at this. |
| 37 |
> |
| 38 |
> |
| 39 |
>> The OP would probably have more questions, but if you ever pull together a |
| 40 |
>> pack of slides I would much appreciate a link to look at them. |
| 41 |
> |
| 42 |
> |
| 43 |
> I really wouldn't know where to start... that is why I was looking for a |
| 44 |
> decent tutorial that covered the topic in total, so I could hopefully get to |
| 45 |
> the point that I *could* ask some intelligent questions about it... |
| 46 |
> |
| 47 |
> One very general question I have is, how can you - or even *can* you - hide |
| 48 |
> all of your internal devices from the outside world, similar to how the use |
| 49 |
> of 'private' IP's behind a NAT'd firewall are hidden from the outside world |
| 50 |
> (nor directly accessible). I definitely do *not* want all of my internal |
| 51 |
> devices directly accessible from the internet. |
| 52 |
|
| 53 |
Use a firewall on your router. My home firewall disallows incoming |
| 54 |
connections, except to ports/hosts I designate. |
| 55 |
|
| 56 |
If you want to avoid an external host from knowing your internal |
| 57 |
hosts' IP addresses, you can use IPv6 privacy extensions. With these, |
| 58 |
a machine has several temporary IP addresses and one permanent IP |
| 59 |
address. It will prefer using its temporary IP addresses for outbound |
| 60 |
connections. |
| 61 |
|
| 62 |
If you want to go further, you can use DHCPv6 to prevent hosts from |
| 63 |
autoconfiguring global-scope addresses. |
| 64 |
|
| 65 |
-- |
| 66 |
:wq |
Archives