[Cialug] Slightly OT - IPv6 sillyness

Jonathan C. Bailey jbailey at co.marshall.ia.us
Wed Jul 9 14:40:52 CDT 2014


You have ULA with IPv6 (roughly the same as RFC1918), but why? The whole point (well, one of them) of IPv6 is to get rid of NAT. Besides, NAT shouldn't be treated as a security measure.

We're running IPv6 in production (have our own /48 from ARIN) and have basic/sane firewall rules in place (i.e., allow related inbound only). So far, it's worked well with very little exposure.

-Jon

----- Original Message -----
From: "L. V. Lammert" <lvl at omnitec.net>
To: "Central Iowa Linux Users Group" <cialug at cialug.org>
Sent: Wednesday, July 9, 2014 2:31:05 PM
Subject: [Cialug] Slightly OT - IPv6 sillyness

I have been trying to grok IPv6 and how it fits into our infrastructure, ..
and one thing blows my mind - if I understand correctly, there is NO WAY
TO SET UP A PRIVATE SUBNET? In my mind the first step of any security is to
put all the user machines on a 10-net behind a firewall doing NAT, which
is impossible with IPv6, as every v6 address is publicly accessible!

We had a big discussion about this last month, and the IPv6 chap was
dumbfounded that I even wanted to DO a private network.

Is this really true? How is one *supposed* to create a sane user subnet
with IPv6?

	Lee
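
The "allow related inbound only" policy mentioned in the reply, sketched as an nftables ruleset for a Linux router in front of a user subnet. This is an added example, not part of either message and not the poster's actual configuration. The interface names (wan0, lan0), the table name and the 2001:db8:10::/64 documentation prefix are assumptions, and only forwarded traffic is covered, not traffic addressed to the router itself.

```nftables
#!/usr/sbin/nft -f
# Added example: stateful IPv6 forwarding policy giving a user subnet the
# "nothing unsolicited gets in" property people expect from NAT, without NAT.
# All names and the prefix below are assumptions; substitute your own.

define WAN_IF  = "wan0"              # assumed upstream interface
define LAN_IF  = "lan0"              # assumed user-subnet interface
define LAN_NET = 2001:db8:10::/64    # documentation prefix (placeholder)

table ip6 edge {
    chain forward {
        # Default deny: anything not matched below is dropped.
        type filter hook forward priority 0; policy drop;

        # Replies to flows a LAN host opened, and ICMPv6 errors that
        # conntrack can tie to such a flow (e.g. packet-too-big).
        ct state established,related accept

        # Packets conntrack cannot associate with any valid flow.
        ct state invalid drop

        # LAN hosts may open new flows outbound, but only when sourced
        # from the subnet's own prefix (blocks spoofed source addresses).
        iifname $LAN_IF oifname $WAN_IF ip6 saddr $LAN_NET ct state new accept

        # ICMPv6 error types IPv6 relies on for path MTU discovery and
        # error reporting. Echo-request is deliberately not listed, so
        # LAN hosts are not pingable from outside.
        icmpv6 type { destination-unreachable, packet-too-big, time-exceeded, parameter-problem } accept

        # Unsolicited inbound connections to the LAN's globally routable
        # addresses match nothing above and fall through to policy drop.
    }
}
```

With this in place the hosts on the LAN keep globally routable addresses, but a new connection from the WAN side to any of them is dropped by the chain policy, which is the filtering a NAT box was providing as a side effect.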