On Sat, Mar 31, 2012 at 3:24 PM, Peter Eckel <[email protected]> wrote:
>
>> If the addresses are auto-discovered, how are you supposed to be able to
>> configure filtering rules for what you want to let through?
>
> very simply.
>
> 1. Each interface on an IPv6 enabled machine has several addresses. One of
> them is the autoconfigured address, one is the (a) Privacy Extension address,
> and then you can still configure addresses manually. Obviously the latter
> method is the right choice for servers.
>
> 2. Except for the Privacy Extension address(es), auto-configured addresses
> are static (although virtually unmemorisable) as long as the prefix and the
> host's MAC address are. So there is a static address that you can put into
> your DNS and configure on your firewall.
How do applications choose the correct outbound address in that
scenario? That has always been a problem when using multiple ipv4
addresses on the same interface in combination with firewalling, etc.
where the source address matters.
--
Les Mikesell
[email protected]
_______________________________________________
CentOS mailing list
[email protected]
http://lists.centos.org/mailman/listinfo/centos
