Re: FreeBSD Firewall/Router/Gateway questions.



On Tue, 11 Nov 2008 17:20:21 +0100, Torfinn Ingolfsen wrote:

Chris Jewell wrote:
This restriction is enforced by all routers on the Internet.

Your experience certainly differs from mine. The FreeBSD firewall for

I guess I live in a sheltered place on the Internet :-) Or perhaps
Norwegian ISPs are more vigilant in enforcing those standards? I was in
doubt when I wrote that sentence, but I figured writing "should be
enforced" would confuse the OP even more.

It really does seem to depend on where in the Internet one is connected.

I'm hoping that Mr Cerf's crystal ball is correct, and that the IPv6
transition will happen in 2009 or 2010,

I wouldn't bet on it.

I'd bet against it.

Where are the how-tos and guides for running an IPv6 setup? Where are
the how-tos for setting up and running an IPv6 firewall?

Well, you could set the ball rolling :-)

because IPv4 address space will have been exhausted by then.

Oh, I guess we will manage (ok, kludge) us along still. With the recent
economic situation, where are all the devices that will exhaust it?
ISPs (at least in my part of the world) are happy to sell NAT
solutions, and have no immediate plans or even roadmaps for a transition
to IPv6.

More importantly, where are the affordable IPv6 devices? Consumer
routers on the end of ADSL or cable connections are the majority of
Internet connected devices. I don't know of any that are IPv6 enabled,
and most IPv6 hardware is still aimed at medium-large corporations.

That said, a lot of ISPs are IPv6 enabled.

Then the rest of us can forget about NAT, leaving it to those who
think that it is a substitute for firewall filtering.

Well, for my own part, NAT and the division between private and public
IP addresses are something I am used to. I still need that firewall
how-to: how do I understand, set up and run an IPv6 network and firewall?

The "people think NAT is a substitute for filtering" argument is a straw
man. At the same time, NAT allows one to do the filtering effectively
and simply at the gateway, whereas IPv6 seems to need it to be done at
every endpoint.

And how many IPv6 nameservers are available? The transition isn't going
to happen until the infrastructure is there to support it.