
Re: Does IPv6 preclude use of a NAT gateway?



On 07/10/11 at 07:20am, Randy Kramer wrote:
> On Saturday 09 July 2011 10:22:01 pm William Hopkins wrote:
> > On 07/09/11 at 05:14pm, Randy Kramer wrote:
> > > I just saw another question about IPv4 and NAT and IPv6, and that
> > > prompts this question:
> > >
> > > When I switch to IPv6, will I lose the ability to keep my computers
> > > behind a NAT gateway?
> >
> > I've seen some talk about implementing address translation in IPv6,
> > but haven't seen anything working yet.
> >
> > > It's probably not the best thing, but I depend on the NAT gateway
> > > for a lot of my security--with IPv6, will I still be able to do
> > > that?
> >
> > Everything NAT provides (inaccessibility by default,
> > port/application-based whitelisting, etc.) can be provided by a
> > firewall. The remote side will know your actual IP address, sure, but
> > the attack space is identical.
> 
> Well, that is the other thing I have today, and would like to keep--that 
> is:
> 
> The other feature I get from my NAT gateway (as I mention in other 
> posts) is the ability to run multiple computers on one IP address from 
> my ISP, and without the ISP (easily, at least), knowing how many 
> computers I'm running.
> 
> Can a firewall help me with that?

There are a few issues here.. first and foremost is your desire to 'hide' your
computers. There's no reason for that -- currently some ISPs try to make you
pay more to run multiple computers, which is wrong. But in IPv6 this
restriction *will not* exist, I assure you. Why else would they assign /64s,
/56s or /48s ?

Second, no, a firewall won't help. But some clever routing could. You can still
create private networks with IPv6 and if you don't allow them to route to the
internet, they won't reach the internet. Then if you wanted, you could set up a
SOCKS or HTTP proxy and configure your software on the private networks to use
it. All the traffic would appear to come from the proxy. 

It's a lot of work, comparatively. But then again, what you're asking for is a
special exception to the way computers are supposed to connect to the internet
(in both v4 AND v6.. NAT was a hack).

If you elaborate on why you want the hiding feature, perhaps someone can
suggest an alternative you haven't considered (:

-- 
Liam
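
The quoted reply above says a firewall gives what NAT gives (inaccessibility by default, port-based whitelisting). As an added example that is not part of the original message, here is an nftables ruleset for an IPv6 router that does this without address translation. The interface names `lan0` and `wan0`, the table name, and the host address `2001:db8:1::10` (documentation prefix) are assumptions.

```nft
# Added example: IPv6 forward filter for a home router, no NAT involved.
# Assumptions: lan0 = inside interface, wan0 = ISP-facing interface,
# 2001:db8:1::10 = constructed documentation-prefix address of an inside host.

table ip6 home_filter {
    chain forward {
        # Default deny for everything routed through this box.
        type filter hook forward priority 0; policy drop;

        # Replies to connections opened from inside, plus the related
        # ICMPv6 errors (packet-too-big, unreachable) those flows rely on.
        ct state established,related accept
        ct state invalid drop

        # Inside hosts may open connections outward.
        iifname "lan0" oifname "wan0" accept

        # Port-based whitelist: the only unsolicited inbound traffic allowed.
        iifname "wan0" oifname "lan0" ip6 daddr 2001:db8:1::10 tcp dport 22 accept

        # Anything else arriving on wan0 falls through to policy drop.
    }
}
```

Loaded with `nft -f`, this leaves inside hosts on their global addresses while unsolicited inbound connections are dropped, which is the same default reachability a NAT gateway gives.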
