Re: FreeBSD Firewall/Router/Gateway questions.
- From: Mark Madsen <mark.s.madsen+news@xxxxxxxxx>
- Date: 12 Nov 2008 21:46:30 +0100
On Tue, 11 Nov 2008 23:51:31 +0100, Torfinn Ingolfsen wrote:
Mark Madsen wrote:
Well, you could set the ball rolling :-)
Most likely I will not. I get a headache everytime I try to think about
how I would get myself an IPv6 setup.
Yeah. Hence the smiley. And it simply won't become ubiquitous while
setting up IPv6 requires both (a) a heavy investment in new hardware and
(b) hand-rolling a network solution which (c) additionally requires
reading a lot of eye-gouging documentation.
More importantly, where are the affordable IPv6 devices? Consumer
routers on the end of ADSL or cable connections are the majority of
Internet connected devices. I don't know of any that are IPv6 enabled,
Agreed.
That said, a lot of ISPs are IPv6 enabled.
Well, not so here in Norway - the computer / IT press have checked.
When I said "a lot" I certainly did not mean the majority. But here in
Switz, for example, the major ISPs are able to provide IPv6 connectivity.
The "people think NAT is a substitute for filtering" argument is a
straw man. At the same time, NAT allows one to do the filtering
effectively and simply at the gateway, whereas IPv6 seems to need it to
be done at every endpoint.
A firewall on every machine? Instead of one firewall that separates "my"
network from the Internet? I guess that way of thinking will scare away
a few people.
Well, I may understand wrong, but the design of IPv6 appears to be
entirely based on complete end-to-end connection. If I am wrong I would
be delighted to see detailed documentation on how to manage an IPv6
firewall solution, preferably with worked examples. If it didn't make my
eyeballs bleed, that would be a bonus.
And how many IPv6 nameservers are available? The transition isn't
going to happen until the infrastructure is there to support it.
Well, many root name servers are ready, but does that help at all? At
least 9 of the 13 root servers[1] are IPv6 enabled, if we are to believe
Wikipedia.
The root is well up in the hierarchy compared to most local caching
servers. Can I look up the AAAA record for freebsd.org on my ISP's DNS
server using an IPv6 connection? I can look it up using an IPv4
connection but what earthly use is that if I can't connect to it?
References:
1) http://en.wikipedia.org/wiki/Root_nameserver
As opposed to "rooted_nameserver"? ;-)
The whole IPv6 debacle so far is the result of too many chickens shoving
too many eggs to the front of the blame queue. And vice versa.
.
- References:
- FreeBSD Firewall/Router/Gateway questions.
- From: usenetforall
- Re: FreeBSD Firewall/Router/Gateway questions.
- From: Torfinn Ingolfsen
- Re: FreeBSD Firewall/Router/Gateway questions.
- From: Dave
- Re: FreeBSD Firewall/Router/Gateway questions.
- From: Torfinn Ingolfsen
- Re: FreeBSD Firewall/Router/Gateway questions.
- From: Chris Jewell
- Re: FreeBSD Firewall/Router/Gateway questions.
- From: Torfinn Ingolfsen
- Re: FreeBSD Firewall/Router/Gateway questions.
- From: Mark Madsen
- Re: FreeBSD Firewall/Router/Gateway questions.
- From: Torfinn Ingolfsen
- FreeBSD Firewall/Router/Gateway questions.
- Prev by Date: Replacing the system Kerberos with MIT Kerberos (from ports)
- Next by Date: Re: how to use automounter with thumbdrive
- Previous by thread: Re: FreeBSD Firewall/Router/Gateway questions.
- Next by thread: Re: FreeBSD Firewall/Router/Gateway questions.
- Index(es):
Relevant Pages
|
