Re: Does IPv6 preclude use of a NAT gateway?
Arno,
Thanks for the reply!
A followup below:
On Saturday 09 July 2011 08:34:43 pm Arno Schuring wrote:
> Randy Kramer (rhkramer@gmail.com on 2011-07-09 17:14 -0400):
> > I just saw another question about IPv4 and NAT and IPv6, and that
> > prompts this question:
> >
> > When I switch to IPv6, will I lose the ability to keep my computers
> > behind a NAT gateway?
>
> Yes, and no. I know of no NAT implementation for IPv6, although I'm
> fairly certain that ip6tables supports it. What you're looking for is
> probably a stateful firewall, or do you have a hard requirement that
> internal addresses are not communicated to the outside?
>
> > It's probably not the best thing, but I depend on the NAT gateway
> > for a lot of my security--with IPv6, will I still be able to do
> > that?
>
> The security of NAT is like a door with only one handle: it is only
> secure as long as no one on the inside uses the door to get outside.
>
> If you really need address obfuscation, then I would suggest to use
> Application-Layer Gateways, such as http proxy software.
Ahh, I should have read your comment more carefully the first time. It
sounds like you may be answering the question I've been asking as a
followup. But, I might as well ask it explicity:
The other feature I get from my NAT gateway (as I mention in other
posts) is the ability to run multiple computers on one IP address from
my ISP, and without the ISP (easily, at least), knowing how many
computers I'm running.
Can I get the same ability with the approach you mention? I suspect I
could, but I've never really fooled with proxies very much.
Randy Kramer
Reply to: