Re: Re: dual-stack gateway/firewall

To: debian-ipv6@lists.debian.org
Subject: Re: Re: dual-stack gateway/firewall
From: "Jacob L. Anawalt" <jacob@cachevalley.org>
Date: Wed, 20 Aug 2008 11:01:13 -0600
Message-id: <[🔎] 48AC4DD9.2000308@cachevalley.org>
In-reply-to: <46316D12.1040907@gmail.com>
References: <46316D12.1040907@gmail.com>

George P Boutwell wrote:
> I'd like an good old-fashioned ipv4<->ipv6 NAT... Is there such a thing,

IPv4 NAT did let us hide our networks, but it broke some programs who relied onend to end services so we had to port forward / DMZ.

With IPv6 you switch your mindset from NAT and private IPv4 subnets toconnection tracking firewall rules for your public IPv6 subnet. I think thismakes not having ip6tables wrapper programs and kernels without active IPv6connection tracking more of a sore spot. I hope to see the obscure 6wall, orsome other app, mature.


http://www.zipman.it/debian/
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=275103

> I want to be able to access ipv6 services, http, ftp, ssh and whatever
> from machines behind my firewall/gateway machine (which would be

Have your local network dual stack, radvd (or similar) running on the gateway tohelp auto-configure your network, and your gateway use a 6to4 (stf) or 6in4tunnel. I suggest starting out with 6to4. I'm trying both and the 6to4 isworking, I don't have my go6 (freenet6) 6in4 working as I would like.

I don't know which direction of access you are thinking of, but with properfirewall rules and the public IPv6 addresses your 6to4 or 6in4 subnet gives you,either way is possible without redirects.


http://wiki.debian.org/DebianIPv6


--
Jacob
Not on the list (yet)

Reply to:

Prev by Date: Re: Debian IPv6 Router
Next by Date: /etc/network/interfaces way
Previous by thread: Re: radvd.conf
Next by thread: /etc/network/interfaces way
Index(es):
- Date
- Thread