
Re: Does IPv6 preclude use of a NAT gateway?



On Mon, Jul 11, 2011 at 10:13 PM, Scott Ferguson
<prettyfly.productions@gmail.com> wrote:
> On 12/07/11 07:58, Paul E Condon wrote:
>> On 20110710_225108, Erwan David wrote:
>>> On 10/07/11 20:34, Randy Kramer wrote:
>>>>
>>>>> Also, ipv6 firewalling is very annoying on the gateway (due to
>>>>> the icmpv6 filtering which must be done right).  When
>>>>> possible, get a script that does most of it right for you (or
>>>>> check RFC 4890).
>>>>
>>>> Sounds like good advice.
>>>>
>>>> Randy Kramer
>>>>
>>>
>>> shorewall6 is quite good at setting the rules for IPv6.
>>
>> I am puzzled by this discussion. Without going into any features of
>> IPv6, the reason NAT works for IPv4 that I have been taught is the
>> 192.168.xxx.xxx are illegal on the actual internet.
>
> Correction (pedantic semantics), not *illegal*, just not supposed to be
> used in Class A environments (because it won't work). You *will* find
> class C addresses used on internet exposed boxen - you just won't be
> able to load the links (DNS doesn't cope with duplicate IP entries).

Oh, my. You can load the IP addresses *directly*, by IP address, and
access them if you have a route to them. This is quite common inside
VPNs, and as an example is common to all of AOL's internal server
address space (which uses the 10.0.0.0/24 address space, or did a few
years ago.) It's also common in internal networks where 192.168.1.0/24
might be dedicated to a demilitarized zone for external servers,
192.168.2.0/24 might be your internal hosts, 192.168.100.0/24 is
dedicated for idiots who connect internal NAT gateways, etc.

The lack of routes to such non-routable address ranges is a
*convention* (http://en.wikipedia.org/wiki/Private_network), and
published in numerous RFCs.

IPv6 has its own..... ideas about how to deal with this, but it
certainly has reserved, non-routable address spaces.
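
An added example, not part of the original message: a small audit of a site address plan against the reserved ranges discussed above (RFC 1918 for IPv4, RFC 4193 unique-local and RFC 4291 link-local for IPv6), which also flags overlapping subnets. The plan is constructed from the 192.168.x.0/24 layout mentioned in the message; the "lab", "v6-internal" and "uplink" entries and all function names are assumptions made for illustration.

```python
import ipaddress

# Reserved ranges that are conventionally never routed on the public internet.
RESERVED = [
    ("rfc1918-private", ipaddress.ip_network("10.0.0.0/8")),
    ("rfc1918-private", ipaddress.ip_network("172.16.0.0/12")),
    ("rfc1918-private", ipaddress.ip_network("192.168.0.0/16")),
    ("ipv6-unique-local", ipaddress.ip_network("fc00::/7")),   # RFC 4193
    ("ipv6-link-local", ipaddress.ip_network("fe80::/10")),    # RFC 4291
]

# Constructed sample plan (names and the last three entries are hypothetical).
SAMPLE_PLAN = {
    "dmz": "192.168.1.0/24",
    "internal": "192.168.2.0/24",
    "nat": "192.168.100.0/24",
    "lab": "192.168.2.128/25",             # deliberately overlaps "internal"
    "v6-internal": "fd12:3456:789a::/48",  # constructed ULA prefix
    "uplink": "203.0.113.0/24",            # documentation range, not private
}


def classify(cidr):
    """Return the reserved-range label that fully contains cidr, if any."""
    net = ipaddress.ip_network(cidr, strict=False)
    for label, reserved in RESERVED:
        # subnet_of() requires matching IP versions, so compare those first.
        if net.version == reserved.version and net.subnet_of(reserved):
            return label
    return "outside-listed-ranges"


def audit_plan(plan):
    """List subnets outside the reserved ranges, then overlapping pairs."""
    nets = {n: ipaddress.ip_network(c, strict=False) for n, c in plan.items()}
    findings = [
        f"{name}: {net} is outside the listed reserved ranges"
        for name, net in nets.items()
        if classify(str(net)) == "outside-listed-ranges"
    ]
    names = sorted(nets)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if nets[a].version == nets[b].version and nets[a].overlaps(nets[b]):
                findings.append(f"{a} overlaps {b}")
    return findings


if __name__ == "__main__":
    for finding in audit_plan(SAMPLE_PLAN):
        print(finding)
```

A prefix that straddles a reserved boundary, such as 192.168.0.0/15, is reported as outside the listed ranges because only part of it is private.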

