Re: Re: dual-stack gateway/firewall
George P Boutwell wrote:
> I'd like an good old-fashioned ipv4<->ipv6 NAT... Is there such a thing,
IPv4 NAT did let us hide our networks, but it broke some programs who relied on
end to end services so we had to port forward / DMZ.
With IPv6 you switch your mindset from NAT and private IPv4 subnets to
connection tracking firewall rules for your public IPv6 subnet. I think this
makes not having ip6tables wrapper programs and kernels without active IPv6
connection tracking more of a sore spot. I hope to see the obscure 6wall, or
some other app, mature.
http://www.zipman.it/debian/
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=275103
> I want to be able to access ipv6 services, http, ftp, ssh and whatever
> from machines behind my firewall/gateway machine (which would be
Have your local network dual stack, radvd (or similar) running on the gateway to
help auto-configure your network, and your gateway use a 6to4 (stf) or 6in4
tunnel. I suggest starting out with 6to4. I'm trying both and the 6to4 is
working, I don't have my go6 (freenet6) 6in4 working as I would like.
I don't know which direction of access you are thinking of, but with proper
firewall rules and the public IPv6 addresses your 6to4 or 6in4 subnet gives you,
either way is possible without redirects.
http://wiki.debian.org/DebianIPv6
--
Jacob
Not on the list (yet)
Reply to: