
Complex IPv6 setup (was: Does IPv6 preclude use of a NAT gateway?)



On Sat, Jul 09, 2011 at 09:47:59PM -0500, John Hasler wrote:
> Liam writes:
> > The remote side will know your actual IP address...
> One of the 2^64 at your disposal.

Well, if you found the owner via whois (e.g. if you are using a SixXS tunnel), it doesn’t matter if you change your IPs.

Then again I don’t know how to configure such a setup with Debian/Testing while keeping fixed IP addresses for incoming traffic.

Here is my setup (XEN):
I have a DomU as firewall with two (virtual) NICs. One is connected to the DSL modem, one to my home switch. The firewall is running PPPoE (the provider is changing the IPv4 addresses after 24 hours). Besides PPPoE the firewall has a DHCP server for guests, a Squid3 proxy, NTP server, Bind DNS server for the internal network and is of course the firewall with iptables.
For my IPv6 SixXS tunnel the firewall has Aiccu running.

Dom0 is my workstation. It runs fetchmail to my vServer and sends my mail to my vServer (Postfix).

Besides the workstation I have a notebook in my home network.

With IPv4 everything works as expected. Guests get their IP addresses from a certain range (the range is registered in my DNS server).

With IPv6 all my internal hosts have for now fixed external IPv6 addresses. This is working. But how do I configure the systems to use a random IPv6 address for (certain) external connections? To my internal hosts the system should use the fixed IPv6 addresses, to certain external hosts (like my vServer) as well if possible, but to others it should be the random IPv6 address. Since my Squid is running on the system with the Aiccu tunnel endpoint, it will use the tunnel endpoint IPv6 address for all HTTP traffic. If I want to randomize the IPs, I have to move the Squid to another system in my IPv6 range.

The randomized IPv6 addresses should be from a certain range I can use with ip6tables.

And how do I do this with DHCP for guests (should work with Windows and Linux)?

For my taste IPv6 with its automatism is much less manageable than IPv4. But if anyone has done such a setup and can share his information I will be thankful.

Shade and sweet water!

	Stephan

--
| Stephan Seitz             E-Mail: stse@fsing.rootsland.net |
| PGP Public Keys: http://fsing.rootsland.net/~stse/pgp.html |
