Re: converting home network to IPv6; ppp, IPv6, dsnmasq and iptables

To: debian-user@lists.debian.org
Subject: Re: converting home network to IPv6; ppp, IPv6, dsnmasq and iptables
From: "H.S." <hs.samix@gmail.com>
Date: Sun, 06 Jun 2010 10:52:16 -0400
Message-id: <[🔎] hugcn1$fdh$1@dough.gmane.org>
In-reply-to: <[🔎] 2302852.CbtlEUcBR6@rnqqfki.eternal-september.org>
References: <[🔎] hu67e7$gq3$1@dough.gmane.org> <[🔎] hucig7$g15$1@dough.gmane.org> <[🔎] 4C09E700.7020000@hardwarefreak.com> <[🔎] hufc2r$e7a$1@dough.gmane.org> <[🔎] hufgrc$nd7$1@dough.gmane.org> <[🔎] 2302852.CbtlEUcBR6@rnqqfki.eternal-september.org>

On 06/06/10 05:01 AM, Antonio Perez wrote:
> H.S. wrote:
> 
> You don't need to assign different blocks to each NIC, all your network 
> needs only one block of addresses. It is, however, a good idea, security 
> wise, to keep them apart.

hmmm.


> 
>> So, I had to assign address from HEX2:bb00::/56 range. One network was
>> eth1 (HEX2:bb00::) and another was eth0 (HEX2:bb01::). Basically, the
>> two NICs in the same machine need to be on different IPv6 networks ...
>> same as in IPv4 (Doh!).
> 
> Not really.
> 

Okay. Clearly, I am yet to understand this IPv6 stuff better.



>> Now, do the above observations mean I am now correctly using my IPv6
>> networking and ppp connection given by my ISP? Also, what is the
>> HEX2::/64 address given to me by my ISP for?
> 
> The only thing which is really missing in your setup is firewall. Iptables 
> has a dual personality (reflecting the dual stack devices), there is the 
<SNIP>
> Also be sure to set a firewall for IPv6, remember that IPv6 is independent 
> of IPv4 and allows external computers to connect to your systems, even 
> behind the "Debian router":
> 	http://www.cyberciti.biz/faq/ip6tables-ipv6-firewall-for-linux/
> 	http://www.exp-networks.be/blog/ipv6-firewall/
> http://www.debian-administration.org/article/Is_your_firewall_IPv6_aware
> 
> This programs for firewall setting in debian may be of help:
> 	http://wiki.debian.org/Firewalls
> Shorewall seems to be a good choice.

Thanks for all these pointers. I need to get my fundamentals regarding
IPv6 straight.

I was also ready looking around for an IPv6 firewall. For my IPv4
setting, I use my own custom written iptables script. For IPv6, I will
start with Shorewall, based on your suggestion.

Thanks, again.
Regards.




-- 

Please reply to this list only. I read this list on its corresponding
newsgroup on gmane.org. Replies sent to my email address are just
filtered to a folder in my mailbox and get periodically deleted without
ever having been read.

Reply to:

References:
- converting home network to IPv6; ppp, IPv6, dsnmasq and iptables
  - From: "H.S." <hs.samix@gmail.com>
- Re: converting home network to IPv6; ppp, IPv6, dsnmasq and iptables
  - From: "H.S." <hs.samix@gmail.com>
- Re: converting home network to IPv6; ppp, IPv6, dsnmasq and iptables
  - From: Stan Hoeppner <stan@hardwarefreak.com>
- Re: converting home network to IPv6; ppp, IPv6, dsnmasq and iptables
  - From: "H.S." <hs.samix@gmail.com>
- Re: converting home network to IPv6; ppp, IPv6, dsnmasq and iptables
  - From: "H.S." <hs.samix@gmail.com>
- Re: converting home network to IPv6; ppp, IPv6, dsnmasq and iptables
  - From: Antonio Perez <ap45872@gmx.com>

Prev by Date: Re: Which USB wireless LAN adapter really works on Debian?
Next by Date: RE - E-Quote No. 242897
Previous by thread: Re: converting home network to IPv6; ppp, IPv6, dsnmasq and iptables
Next by thread: [OT] Bandwidth usage daemon recommendation
Index(es):
- Date
- Thread