And maybe I'm just dense, but no one has been able to tell me how I accomplish this in IPv6 without NAT. I have the requirement in certain circumstances to transparently redirect all outbound DNS (well, on TCP or UDP port 53) and/or SMTP (TCP ports 25 and 587) to my own servers. No, simply blocking it at the firewall and making the user "fix" the problem is not an option (especially when the problem is created by malware). It is a simple rule in IPTABLES for IPv4, but how do I accomplish it in IPv6? Not flaming or anything, but I really want to know how I'm supposed to accomplish that in the ideal IPv6 world with no NAT?

--
Jim Clausing
GIAC GSE #26, GREM(G), CISSP
GPG fingerprint = A507 774A 39D6 A702 9F7C  8808 3D13 77B8 AACD 848D

On or about Fri, 18 Apr 2014, Simon Perreault pontificated thusly:

On 2014-04-18 14:57, William Herrin wrote:
Excluding references and remarks RFC 6888 is 8 pages long with 15
total requirements. Short.

Given the trend toward ever-fluffier RFCs, I'll take that as a
compliment. :)

I'll let the firewall document's authors speak for themselves about
their document's purpose. In the abstract, they said: ''This has
typically been a problem for network operators, who typically have to
produce a "Request for Proposal" from scratch that describes such
features.''

That says, "discriminator for potential purchases" to me. What's your take?

I agree with your interpretation, and I disagree with the intent.

I agree that a "don't break the Internet" firewall requirements
document could have utility. But that doesn't appear to be this
document. And if done well, such a document would be short just like
RFC 6888.

Full agreement.

Simon

