VM, wifi, NAT (was: Re: Internet facing Firewalls mDNS UPnP SMB)

2024-08-05 Thread Max Nikulin
On 05/08/2024 17:50, George at Clug wrote: I am also a bit concerned about the statement "table ip nat", I do not want [e.g. need] any Network Address Translation occurring. <https://lists.debian.org/msgid-search/3674f3e3f740ba9d135636305ebf0...@go.goproject.info> Re: Vir

NAT program used in DOS pre-2000 (was: Re: Verison IPv6 -- I want to stick ...)

2022-08-10 Thread rhkramer
er > > on the LAN ran one or more software packages that (1) interfaced to the > > dial-up (!!) modem and (2) provided the NAT functionality. > > > > I don't recall if that was one package or two, and in any case, I don't > > recall the package name(s). >

Re: firewall rules for NAT

2017-07-01 Thread Igor Cicimov
On 1 Jul 2017 7:31 pm, "Pascal Hambourg" wrote: Le 01/07/2017 à 03:25, Igor Cicimov a écrit : > > You know what, i just checked the iptables rules the op sent again and > realized this: > > -A POSTROUTING -d 10.7.33.109/32 -p tcp -m tcp > > --dport 25 -j SNAT --to-source

Re: firewall rules for NAT

2017-07-01 Thread Brad Rogers
On Sat, 1 Jul 2017 13:25:30 +0200 Pascal Hambourg wrote: Hello Pascal, >Are you sure that your mailer displays the plain text version, not the >HTML version ? I'll change my answer; I only looked at a couple of Igor's messages and they were fine. However, further study shows that in some pos

Re: firewall rules for NAT

2017-07-01 Thread Brad Rogers
On Sat, 1 Jul 2017 13:25:30 +0200 Pascal Hambourg wrote: Hello Pascal, >Are you sure that your mailer displays the plain text version, not the >HTML version ? Positive. I use Claws Mail *without* any HTML plugin. -- Regards _ / ) "The blindingly obvious is / _)r

Re: firewall rules for NAT

2017-07-01 Thread Pascal Hambourg
Le 01/07/2017 à 12:54, Brad Rogers a écrit : On Sat, 1 Jul 2017 11:30:41 +0200 Pascal Hambourg wrote: Hello Pascal, PS. Igor, the plain text version of your posts does not properly mark the quoted text from the message you reply to : it appears as if it was your text, without any quotation ma

Re: firewall rules for NAT

2017-07-01 Thread Brad Rogers
On Sat, 1 Jul 2017 11:30:41 +0200 Pascal Hambourg wrote: Hello Pascal, >PS. Igor, the plain text version of your posts does not properly mark >the quoted text from the message you reply to : it appears as if it was >your text, without any quotation marks. It's fine here. -- Regards _

Re: firewall rules for NAT

2017-07-01 Thread Pascal Hambourg
Le 01/07/2017 à 03:25, Igor Cicimov a écrit : You know what, i just checked the iptables rules the op sent again and realized this: -A POSTROUTING -d 10.7.33.109/32 -p tcp -m tcp --dport 25 -j SNAT --to-source 10.7.33.100 is NOT how you would do SNAT with DNAT, you norm

Re: firewall rules for NAT

2017-06-30 Thread Igor Cicimov
On 1 Jul 2017 7:13 am, "Pascal Hambourg" wrote: Le 30/06/2017 à 15:09, Igor Cicimov a écrit : > On Fri, Jun 30, 2017 at 3:50 PM, Pascal Hambourg > wrote: > >> >> Stateful NAT requires symmetric routing, i.e. reply packets go through the >> router that did t

Re: firewall rules for NAT

2017-06-30 Thread Pascal Hambourg
Le 30/06/2017 à 15:09, Igor Cicimov a écrit : On Fri, Jun 30, 2017 at 3:50 PM, Pascal Hambourg wrote: Stateful NAT requires symmetric routing, i.e. reply packets go through the router that did the NAT operations on original packets and keeps the state for these NAT operations. With the host

Re: firewall rules for NAT

2017-06-30 Thread Igor Cicimov
c with the ip of the router vm as source and since >> they >> are both on the same lan and connected to the same bridge I dont see how >> the default gateway can make any difference? The return traffic was >> already >> going through the router vm hence the need of t

Re: firewall rules for NAT

2017-06-29 Thread Pascal Hambourg
uter vm as source and since they are both on the same lan and connected to the same bridge I dont see how the default gateway can make any difference? The return traffic was already going through the router vm hence the need of the SNAT rule on it. Stateful NAT requires symmetric routing, i.e. reply

Re: firewall rules for NAT

2017-06-29 Thread Igor Cicimov
On 29 Jun 2017 6:32 pm, "Lucio Crusca" wrote: Il 27/06/2017 23:35, Pascal Hambourg ha scritto: > Le 27/06/2017 à 13:29, Lucio Crusca a écrit : > >> >> -A POSTROUTING -d 10.7.33.109/32 -p tcp -m tcp --dport 25 -j SNAT >> --to-source 10.7.33.100 >> >> > If this rule is required, then your routing

Re: firewall rules for NAT

2017-06-29 Thread Lucio Crusca
Il 27/06/2017 23:35, Pascal Hambourg ha scritto: Le 27/06/2017 à 13:29, Lucio Crusca a écrit : -A POSTROUTING -d 10.7.33.109/32 -p tcp -m tcp --dport 25 -j SNAT --to-source 10.7.33.100 If this rule is required, then your routing setup is wrong. Thank you very much, that was the problem. My

Re: firewall rules for NAT

2017-06-28 Thread Igor Cicimov
On 27 Jun 2017 9:29 pm, "Lucio Crusca" wrote: Il 26/06/2017 11:35, Dan Purgert ha scritto: > That shouldn't be happening -- you may have an errant rule you didn't > show > I think I did show that rule: -A POSTROUTING -d 10.7.33.109/32 -p tcp -m tcp --dport 25 -j SNAT --to-source 10.7.33.100

Re: firewall rules for NAT

2017-06-27 Thread Pascal Hambourg
Le 27/06/2017 à 13:29, Lucio Crusca a écrit : -A POSTROUTING -d 10.7.33.109/32 -p tcp -m tcp --dport 25 -j SNAT --to-source 10.7.33.100 The problem is that without that rule things do not work at all (connections time out). If this rule is required, then your routing setup is wrong. What is t

Re: firewall rules for NAT

2017-06-27 Thread Lucio Crusca
Il 26/06/2017 11:35, Dan Purgert ha scritto: That shouldn't be happening -- you may have an errant rule you didn't show I think I did show that rule: -A POSTROUTING -d 10.7.33.109/32 -p tcp -m tcp --dport 25 -j SNAT --to-source 10.7.33.100 The problem is that without that rule things do not

Re: firewall rules for NAT

2017-06-26 Thread Dan Purgert
ing mail connections. That shouldn't be happening -- you may have an errant rule you didn't show from one of the hosts in there that's doing this to you (perhaps NAT Hairpin). -- |_|O|_| Registered Linux user #585947 |_|_|O| Github: https://github.com/dpurgert |O|O|O| PGP: 05CA 9A50

firewall rules for NAT

2017-06-25 Thread Lucio Crusca
virbr10 -j REJECT --reject-with icmp-port-unreachable COMMIT # Completed on Sun Jun 25 22:33:39 2017 # Generated by iptables-save v1.4.21 on Sun Jun 25 22:33:39 2017 *nat :PREROUTING ACCEPT [265547:18746839] :INPUT ACCEPT [7946:621443] :OUTPUT ACCEPT [44:3768] :POSTROUTING ACCEPT [737574:41994020] -A

Re: Debian Server (NAT Gateway) Periodically Crashing

2016-07-07 Thread Peter Ludikovsky
additional packages are installed, only enough to support a NAT > gateway. > > Periodically, the vm experiences a kernel Oops and crashes, taking down > internet access for the network. This is the only vm that is crashing, > the other VMs (based off the same minimal install, updat

Re: Debian Server (NAT Gateway) Periodically Crashing

2016-07-07 Thread David Christensen
used to configure a Linux box as a NAT/ gateway/ firewall machine for my SOHO back in the day -- configuring iptables (?) by hand, dealing with modem dialing, etc.. Then I discovered purpose-built FOSS distributions for turning a Wintel PC into a gateway appliance and never looked back. Hardware

Debian Server (NAT Gateway) Periodically Crashing

2016-07-06 Thread Christian Harris
enough to support a NAT gateway. Periodically, the vm experiences a kernel Oops and crashes, taking down internet access for the network. This is the only vm that is crashing, the other VMs (based off the same minimal install, updated to 8.5, minimum software installs) have uptimes of 100+ days

Re: multiple outbound NAT

2015-01-08 Thread Paul van der Vlis
Op 08-01-15 om 14:36 schreef Bonno Bloksma: > Hi Paul, > >>> At one place I have a Debian wheezy machine that acts as router / firewall >>> using iptables and default routing. >>> I used to have just 1 ip number on the uplink interface. And a simple >>>

Re: multiple outbound NAT

2015-01-08 Thread Pascal Hambourg
| > | EXTIP2="123.123.123.12" | > | | > | iptables -t nat -A POSTROUTING -o $EXTIF -s $INTNET1 -j SNAT --to $EXTIP1 |

RE: multiple outbound NAT

2015-01-08 Thread Bonno Bloksma
Hi Igor, >> [...] >> Due to several reasons I now have to use more than 1 outbound ip address to >> make clear from which internal segment the traffic is coming from. >> So traffic coming from 172.16.20.0/24 needs to use $WORLD_IP1 >> And traffic coming from 172.16.22.0/24 needs to use $WORLD_IP2

RE: multiple outbound NAT

2015-01-08 Thread Bonno Bloksma
Hi Paul, >> At one place I have a Debian wheezy machine that acts as router / firewall >> using iptables and default routing. >> I used to have just 1 ip number on the uplink interface. And a simple >> $IPTABLES --table nat -A POSTROUTING -o $WORLD_IF -j MASQUERADE

Re: multiple outbound NAT

2015-01-08 Thread Paul van der Vlis
Hi Bonno, Op 08-01-15 om 07:57 schreef Bonno Bloksma: > Hi, > > At one place I have a Debian wheezy machine that acts as router / firewall > using iptables and default routing. > I used to have just 1 ip number on the uplink interface. And a simple > $IPTABLES --table nat

multiple outbound NAT

2015-01-07 Thread Bonno Bloksma
Hi, At one place I have a Debian wheezy machine that acts as router / firewall using iptables and default routing. I used to have just 1 ip number on the uplink interface. And a simple $IPTABLES --table nat -A POSTROUTING -o $WORLD_IF -j MASQUERADE line in my firewall script sends all traffic

squid on other box than iptables NAT?

2012-09-17 Thread Simon Brandmair
Hi group, I thought I could run squid (3.1.20) on one box, and iptables with DNAT on another box with iptables -t nat -A PREROUTING -p tcp --dport 80 -i $LOCIF ! -s $squidbox ! -d $localnet -j DNAT --to-destination $squidbox:3128 squid.conf snip: http_port 192.x.x.x:3128 intercept But on the

Re: network / nat / port forward -- problem

2012-01-12 Thread Arno Schuring
hers can't connect to me. > how to I forward the ports to the eth1 machine so that I can have a > server on it? (or as routers often call it "virtual servers") You need port forwarding, known as DNAT to friends. The official documentation is here: http://www.netfilter.org

Re: network / nat / port forward -- problem

2012-01-12 Thread Bob Proulx
p machine connected to eth1 connects to the internet also > without problems (none that I saw anyway) the dhcp server on debian > assigns an ip to the eth1 machine successfully in the 10.x.x.x range So it sounds like you have forwarding and NAT/masquerading set up successfully. Good so far.

Re: network / nat / port forward -- problem

2012-01-12 Thread Andrei Popescu
On Jo, 12 ian 12, 16:34:16, YR wrote: > > The system has 2 network cards. Debian accesses the internet via > eth0 without problems. (typical dhcp getting IP from ISP) > the internet connection is shared, and the xp machine connected to > eth1 connects to the internet also without problems (none th

network / nat / port forward -- problem

2012-01-12 Thread YR
hello I tried over a dozen sites, forums and wikis with various instructions and I still can't get this to work. So many 'tutorials' instruct you to 'apt-get' more software that would simply conflict with what is already installed, when what is installed actually works, i just don't know how

Re: address and port translation (NAT) no longer required in IPv6 -- but...

2011-12-31 Thread Pascal Hambourg
Hello, Rick Thomas a écrit : > > It eliminates the need for masquerading and port translation, but it > does not eliminate the need for a proper firewall. Unfortunately the plenty of public IPv6 space does not totally eliminate the need for NAT in some situations. Otherwise there wou

Re: address and port translation (NAT) no longer required in IPv6 -- but...

2011-12-29 Thread Scott Ferguson
IPv6 or any plans for it in the foreseeable future. Of > course, it will also need to be able to do basic stateful fire-wall > stuff, and the IPv4 side will need to do NAT and port translation. My preference is to always use Debian - and it's certainly capable of doing what you want. If y

Re: address and port translation (NAT) no longer required in IPv6 -- but...

2011-12-29 Thread Rick Thomas
fire-wall stuff, and the IPv4 side will need to do NAT and port translation. Thanks! Rick On Dec 27, 2011, at 6:40 AM, Scott Ferguson wrote: Most of the manufacturers already do (or don't you consider sub-$100AU cheap?) Apple, Allied Telesis, AVM, Buffalo Tech, Cisco, D-Link, Funkwerk

Re: address and port translation (NAT) no longer required in IPv6 -- but...

2011-12-27 Thread keitho
efit and driver for adopting IPv6 >> is >> that there are enough addresses for every host in your lan to have its >> own public IP address, which completely eliminates (the need for) >> masquerading and (D)NAT. >> >> Hope this explains, >> Andrei

Re: address and port translation (NAT) no longer required in IPv6 -- but...

2011-12-27 Thread Scott Ferguson
On 27/12/11 22:24, Andrei Popescu wrote: > On Ma, 27 dec 11, 01:20:27, Rick Thomas wrote: >> >> (Sigh!) ;-\ Now if somebody would just manufacture and sell an >> inexpensive IPv6-capable SOHO router... /-; (sigh!) Most of the manufacturers already do (or don't you consider sub-$100AU cheap?) Appl

Re: address and port translation (NAT) no longer required in IPv6 -- but...

2011-12-27 Thread Andrei Popescu
On Ma, 27 dec 11, 01:20:27, Rick Thomas wrote: > > (Sigh!) ;-\ Now if somebody would just manufacture and sell an > inexpensive IPv6-capable SOHO router... /-; (sigh!) Get the cheapest router that supports alternate firmware[1]. As far as I know most of the alternatives already support IPv6. [

address and port translation (NAT) no longer required in IPv6 -- but...

2011-12-26 Thread Rick Thomas
bit off-topic). As far as I understand the main benefit and driver for adopting IPv6 is that there are enough addresses for every host in your lan to have its own public IP address, which completely eliminates (the need for) masquerading and (D)NAT. Hope this explains, Andrei It eliminates

netfilter outbound nat log

2011-12-05 Thread Stephane Durieux
Hello, I am using netfilter as firewall and nat. But I'd like to log outbound connexions with their nated public addresses and original private addresses. The only way I have found to get public addresses is to log mangle table when packets go back. (prerouting of mangle table) In fact

Re: UCARP Behind NAT

2011-11-15 Thread Stan Hoeppner
On 11/14/2011 6:09 PM, Chris Snyder wrote: > I'm guessing, after a bit more research, that what is happening is the > router is keeping an ARP cache. It looks to be set at around 5 > minutes. > > I was under the impression that UCARP used a virtual MAC address, but > that doesn't seem to be the c

Re: UCARP Behind NAT

2011-11-15 Thread Volkan YAZICI
Why not asking it directly to the UCARP author (Frank DENIS) via email? (See http://ucarp.org for details.) On Mon, 14 Nov 2011 11:36:41 -0500, Chris Snyder writes: > Any ideas where a good place to ask for help on this topic is? Is > there a UCARP mailing list? I realize it might be a little spec

Re: UCARP Behind NAT (SOLVED)

2011-11-14 Thread Chris Snyder
>> >  17         ucarp-vid 3 >> >  18         ucarp-vip 192.168.1.20 >> >  19         ucarp-password [pass-here] >> >  20         ucarp-advskew 100 >> >  21         ucarp-advbase 1 >> >  22         ucarp-master no >> >  23 >> >

Re: UCARP Behind NAT

2011-11-14 Thread Chris Snyder
      ucarp-advskew 100 > >  21         ucarp-advbase 1 > >  22         ucarp-master no > >  23 > >  24 iface eth0:ucarp inet static > >  25         address 192.168.1.20 > >  26         netmask 255.255.255.255 > > > > Now this setup works great on the

Re: UCARP Behind NAT

2011-11-14 Thread Chris Snyder
skew 100 >  21         ucarp-advbase 1 >  22         ucarp-master no >  23 >  24 iface eth0:ucarp inet static >  25         address 192.168.1.20 >  26         netmask 255.255.255.255 > > Now this setup works great on the LAN. I can access 192.168.1.20 fine > while pulling the

UCARP Behind NAT

2011-11-13 Thread Chris Snyder
.1.20 26 netmask 255.255.255.255 Now this setup works great on the LAN. I can access 192.168.1.20 fine while pulling the Ethernet cables from either server. The problem is that I'm trying to forward an external IP to 192.168.1.20 through a NAT. It forwards fine when both machines fir

Re: Does IPv6 preclude use of a NAT gateway?

2011-07-22 Thread Tom H
On Thu, Jul 21, 2011 at 3:45 PM, Henrique de Moraes Holschuh wrote: > On Thu, 21 Jul 2011, Tom H wrote: >> >> If incompetent is equivalent to the Windows DNS admins saying "this is >> a Unix problem", then yes... > > Well, it is equivalent to leaking trash to AS112 and the root zone, > regardless

Re: Does IPv6 preclude use of a NAT gateway?

2011-07-21 Thread Henrique de Moraes Holschuh
On Thu, 21 Jul 2011, Tom H wrote: > If incompetent is equivalent to the Windows DNS admins saying "this is > a Unix problem", then yes... Well, it is equivalent to leaking trash to AS112 and the root zone, regardless of platform. What you describe is even worse: being that clueless about DNS when

Re: Does IPv6 preclude use of a NAT gateway?

2011-07-21 Thread Tom H
On Tue, Jul 12, 2011 at 4:43 PM, Henrique de Moraes Holschuh wrote: > On Tue, 12 Jul 2011, Tom H wrote: >> IANA also maintains some server(s) for RFC1918 leaks. More or less ten >> years ago, I was at a company where, one day, none of the Mac boxes >> could telnet to or mount AFP shares on the S

Re: Does IPv6 preclude use of a NAT gateway?

2011-07-16 Thread Camaleón
OK, you put a new XP box directly on the internet and I'll put one > behind a NAT router box. Do you wish to take bets on who can update > before getting owned? Yes, I bet it will win the one running with a non-admin account and having a software firewall turned on >;-) > NAT is

Re: Does IPv6 preclude use of a NAT gateway?

2011-07-15 Thread Andrew McGlashan
Hi, Johan Kullstam wrote: NAT is a firewall. Maybe not a great one. But it does function as such. Yes, and it is improved upon by using a "real" firewall, but nonetheless, NAT does offer some protection and all this posts about being able to poke holes through NAT ... well

Re: Does IPv6 preclude use of a NAT gateway?

2011-07-15 Thread Tom H
On Fri, Jul 15, 2011 at 8:53 PM, Johan Kullstam wrote: > Camaleón writes: > >>>> > It's probably not the best thing, but I depend on the NAT gateway for >>>> > a lot of my security--with IPv6, will I still be able to do that? >>>> >

Re: Does IPv6 preclude use of a NAT gateway?

2011-07-15 Thread Johan Kullstam
Camaleón writes: >>> > It's probably not the best thing, but I depend on the NAT gateway for >>> > a lot of my security--with IPv6, will I still be able to do that? >>> >>> NAT and security do not match. You better put a good firewall and/or >>

Re: Does IPv6 preclude use of a NAT gateway?

2011-07-13 Thread Randy Kramer
ou could set up a SOCKS or HTTP proxy and configure your > software on the private networks to use it. All the traffic would > appear to come from the proxy. > > It's a lot of work, comparatively. But then again, what you're asking > for is a special exception to the way compu

Re: Does IPv6 preclude use of a NAT gateway?

2011-07-13 Thread Scott Ferguson
ds are. But when properly configured your Netgear (model unknown) should do the job. NOTE: I have no idea what the "job" is in your case - are a "high value" attack target? > I have no intention of becoming a > networking security guru. I know (at least some of) my limitati

Re: Does IPv6 preclude use of a NAT gateway?

2011-07-12 Thread Henrique de Moraes Holschuh
On Tue, 12 Jul 2011, Arno Schuring wrote: > NAT, by design, is unable to forward unknown packets. That is its only That is slightly incorrect. It can forward unknown packets just fine, if you ask for the right type of NAT. Don't think the restricted cone NAT you get when you do man

Re: Does IPv6 preclude use of a NAT gateway?

2011-07-12 Thread Henrique de Moraes Holschuh
On Tue, 12 Jul 2011, Tom H wrote: > On Tue, Jul 12, 2011 at 2:02 PM, Henrique de Moraes Holschuh > wrote: > > > > There are routes.  Really.  Maybe not everywhere, and maybe not all the > > time... but the IPv4 private space is often routed. > > > > http://www.cidr-report.org/as2.0/#Bogons > > htt

Re: Does IPv6 preclude use of a NAT gateway?

2011-07-12 Thread Tom H
On Tue, Jul 12, 2011 at 2:02 PM, Henrique de Moraes Holschuh wrote: > > There are routes.  Really.  Maybe not everywhere, and maybe not all the > time... but the IPv4 private space is often routed. > > http://www.cidr-report.org/as2.0/#Bogons > http://www.cidr-report.org/as6447/#Bogons > > *Right

Re: Does IPv6 preclude use of a NAT gateway?

2011-07-12 Thread Stan Hoeppner
On 7/12/2011 1:22 PM, Arno Schuring wrote: > As an aside, 192.168.x.x is not a class C network. It is a collection > of 256 (-1) class C networks. Correct. CIDR notation might be helpful here in better explaining this. People's use of 'x.x.x.x' notation in this thread seems to be confusing them

Re: Does IPv6 preclude use of a NAT gateway?

2011-07-12 Thread Arno Schuring
Scott Ferguson (prettyfly.producti...@gmail.com on 2011-07-12 12:13 +1000): > > I am puzzled by this discussion. Without going into any features of > > IPv6, the reason NAT works for IPv4 that I have been taught is the > > 192.168.xxx.xxx are illegal on the actual interne

Re: Does IPv6 preclude use of a NAT gateway?

2011-07-12 Thread Henrique de Moraes Holschuh
On Mon, 11 Jul 2011, Nico Kadel-Garcia wrote: > The lack of routes to to such non-routable address ranges is a > *convention*, (http://en.wikipedia.org/wiki/Private_network), and > published in numerous RFC's. There are routes. Really. Maybe not everywhere, and maybe not all the time... but the

Re: Does IPv6 preclude use of a NAT gateway?

2011-07-12 Thread Paul E Condon
y Kramer > >>> > >> > >> shorewall6 is quite good at setting the rules for IPv6. > > > > I am puzzled by this discussion. Without going into any features of > > IPv6, the reason NAT works for IPv4 that I have been taught is the > > 192.168.

Re: Does IPv6 preclude use of a NAT gateway?

2011-07-12 Thread Scott Ferguson
On 12/07/11 22:59, Stephan Seitz wrote: > On Tue, Jul 12, 2011 at 08:57:10PM +1000, Scott Ferguson wrote: >>> Well, I found it in https://www.sixxs.net/forum/?msg=setup-3668841: >> I suggest you read the material you quote see the last comment? > > Well, the last comment is quite new. When I r

Re: Does IPv6 preclude use of a NAT gateway?

2011-07-12 Thread Tom H
if you have a route to them. >> >> *If you have a route* in the examples given there is no route, hence >> NAT. > > *Really*. Then I suggest you look up the output of your local "route > -n" command on any internal network that uses both 192.168.0.0/24 and

Re: Does IPv6 preclude use of a NAT gateway?

2011-07-12 Thread Stephan Seitz
On Tue, Jul 12, 2011 at 08:57:10PM +1000, Scott Ferguson wrote: Well, I found it in https://www.sixxs.net/forum/?msg=setup-3668841: I suggest you read the material you quote see the last comment? Well, the last comment is quite new. When I read the thread the first time, this comment was

Re: Does IPv6 preclude use of a NAT gateway?

2011-07-12 Thread Nico Kadel-Garcia
re is no route, hence > NAT. *Really*. Then I suggest you look up the output of your local "route -n" command on any internal network that uses both 192.168.0.0/24 and 10.0.0.0/8, or look up the output of the "traceroute" command. The route between them is handled by whatever i

Re: Does IPv6 preclude use of a NAT gateway?

2011-07-12 Thread Scott Ferguson
On 12/07/11 19:56, Stephan Seitz wrote: > On Tue, Jul 12, 2011 at 06:57:39PM +1000, Scott Ferguson wrote: >> I don't doubt that in the sea of RFCs I've missed the obsolescence of >> RFC2402, 2406 and 2407 - could you point me at the new optional IPSec >> standard please. :-) > > Well, I found it i

Re: Does IPv6 preclude use of a NAT gateway?

2011-07-12 Thread Scott Ferguson
On 12/07/11 19:56, Stephan Seitz wrote: > On Tue, Jul 12, 2011 at 06:57:39PM +1000, Scott Ferguson wrote: >> I don't doubt that in the sea of RFCs I've missed the obsolescence of >> RFC2402, 2406 and 2407 - could you point me at the new optional IPSec >> standard please. :-) > > Well, I found it i

Re: Does IPv6 preclude use of a NAT gateway?

2011-07-12 Thread Stephan Seitz
On Tue, Jul 12, 2011 at 06:57:39PM +1000, Scott Ferguson wrote: I don't doubt that in the sea of RFCs I've missed the obsolescence of RFC2402, 2406 and 2407 - could you point me at the new optional IPSec standard please. :-) Well, I found it in https://www.sixxs.net/forum/?msg=setup-3668841: „I

Re: Does IPv6 preclude use of a NAT gateway?

2011-07-12 Thread Scott Ferguson
- could you point me at the new optional IPSec standard please. :-) Perhaps I misunderstood you - and you mean some manufacturer make rubbish, and have somehow extrapolated a new policy from that I should also have probably pointed out that privacy extensions take care of many of poster's

Re: Does IPv6 preclude use of a NAT gateway?

2011-07-12 Thread Stephan Seitz
On Tue, Jul 12, 2011 at 02:18:44PM +1000, Scott Ferguson wrote: On a different thread - I probably should have pointed out that the IPSec is mandatory with IPV6, which should make IPV6 more secure that IPV4. No, it is not. It was in the beginning, but there were manucaturers who didn’t want to

Re: Does IPv6 preclude use of a NAT gateway?

2011-07-11 Thread Scott Ferguson
so it will be some time before this > becomes anything other than a theoretical discussion. > Agreed - I suspect NAT will delay things for a long, long, time. The overseas experience *is* different. Our (two) major ISPs have no plans to implement IPV6. And then there's the NBN... (which

Re: Does IPv6 preclude use of a NAT gateway?

2011-07-11 Thread Scott Ferguson
>>>> >>>>> Sounds like good advice. >>>>> >>>>> Randy Kramer >>>>> >>>> >>>> shorewall6 is quite good at setting the rules for IPv6. >>> >>> I am puzzled by this discussion. Without goi

Re: Does IPv6 preclude use of a NAT gateway?

2011-07-11 Thread William Hopkins
On 07/12/11 at 12:33pm, Scott Ferguson wrote: > On 12/07/11 09:42, William Hopkins wrote: > > On 07/10/11 at 07:20am, Randy Kramer wrote: > >> On Saturday 09 July 2011 10:22:01 pm William Hopkins wrote: > >>> On 07/09/11 at 05:14pm, Randy Kramer wrote: > > > > > > > There are a few issues here.

Re: Does IPv6 preclude use of a NAT gateway?

2011-07-11 Thread Scott Ferguson
On 12/07/11 09:42, William Hopkins wrote: > On 07/10/11 at 07:20am, Randy Kramer wrote: >> On Saturday 09 July 2011 10:22:01 pm William Hopkins wrote: >>> On 07/09/11 at 05:14pm, Randy Kramer wrote: > > There are a few issues here.. first and foremost is your desire to 'hide' your > computers.

Re: Does IPv6 preclude use of a NAT gateway?

2011-07-11 Thread Nico Kadel-Garcia
Kramer >>>> >>> >>> shorewall6 is quite good at setting the rules for IPv6. >> >> I am puzzled by this discussion. Without going into any features of >> IPv6, the reason NAT works for IPv4 that I have been taught is the >> 192.168.xxx.xxx a

Re: Does IPv6 preclude use of a NAT gateway?

2011-07-11 Thread Scott Ferguson
hen >>>> possible, get a script that does most of it right for you (or >>>> check RFC 4890). >>> >>> Sounds like good advice. >>> >>> Randy Kramer >>> >> >> shorewall6 is quite good at setting the rules for IPv6.

Re: Does IPv6 preclude use of a NAT gateway?

2011-07-11 Thread John Hasler
Randy Kramer writes: > The other feature I get from my NAT gateway (as I mention in other > posts) is the ability to run multiple computers on one IP address from > my ISP, and without the ISP (easily, at least), knowing how many > computers I'm running. > Can I get the s

Re: Does IPv6 preclude use of a NAT gateway?

2011-07-11 Thread William Hopkins
On 07/10/11 at 07:20am, Randy Kramer wrote: > On Saturday 09 July 2011 10:22:01 pm William Hopkins wrote: > > On 07/09/11 at 05:14pm, Randy Kramer wrote: > > > I just saw another question about IPv4 and NAT and IPv6, and that > > > prompts this question: > > >

Re: Does IPv6 preclude use of a NAT gateway?

2011-07-11 Thread Henrique de Moraes Holschuh
On Mon, 11 Jul 2011, Paul E Condon wrote: > Is there something wrong, or incorrect, about this? NAT _can_ either block incoming connections or not, it depends on the type of NAT being done. 1:1 NAT without port translation, for example, will only block something if you firewall it. h

Re: Complex IPv6 setup (was: Does IPv6 preclude use of a NAT gateway?)

2011-07-11 Thread William Hopkins
On 07/10/11 at 01:42pm, Stephan Seitz wrote: > On Sat, Jul 09, 2011 at 09:47:59PM -0500, John Hasler wrote: > >Liam writes: > >>The remote side will know your actual IP address... > >One of the 2^64 at your disposal. > [...] > With IPv6 all my internal hosts have for now fixed external IPv6 > addr

Re: Does IPv6 preclude use of a NAT gateway?

2011-07-11 Thread Paul E Condon
it right for you (or check RFC 4890). > > > > Sounds like good advice. > > > > Randy Kramer > > > > shorewall6 is quite good at setting the rules for IPv6. I am puzzled by this discussion. Without going into any features of IPv6, the reason NAT works for IPv4

Re: Does IPv6 preclude use of a NAT gateway?

2011-07-10 Thread Erwan David
On 10/07/11 20:34, Randy Kramer wrote: > >> Also, ipv6 firewalling is very annoying on the gateway (due to the >> icmpv6 filtering which must be done right). When possible, get a >> script that does most of it right for you (or check RFC 4890). > > Sounds like good advice. > > Randy Kramer >

Re: Does IPv6 preclude use of a NAT gateway?

2011-07-10 Thread Randy Kramer
On Sunday 10 July 2011 09:48:46 am Henrique de Moraes Holschuh wrote: > On Sat, 09 Jul 2011, Randy Kramer wrote: > > When I switch to IPv6, will I lose the ability to keep my computers > > behind a NAT gateway? > > Yes, for the address translation. Unless you hack something w

Re: Does IPv6 preclude use of a NAT gateway?

2011-07-10 Thread shawn wilson
On Jul 10, 2011 12:37 PM, "Stephan Seitz" wrote: > > On Sun, Jul 10, 2011 at 06:29:19PM +0300, Teemu Likonen wrote: >> >> Interesting. I have a network printer which I, quite naturally, plug >> into my NAT/router so it's in my private 192.168.0. network

Re: Does IPv6 preclude use of a NAT gateway?

2011-07-10 Thread Stephan Seitz
On Sun, Jul 10, 2011 at 06:29:19PM +0300, Teemu Likonen wrote: Interesting. I have a network printer which I, quite naturally, plug into my NAT/router so it's in my private 192.168.0. network with my desktop and laptop computers. I'm not sure if the printer even supports IPv6 but for

Re: Does IPv6 preclude use of a NAT gateway?

2011-07-10 Thread shawn wilson
On Jul 10, 2011 11:36 AM, "Teemu Likonen" wrote: > > * 2011-07-10T10:48:46-03:00 * Henrique de Moraes Holschuh wrote: > > > On Sat, 09 Jul 2011, Randy Kramer wrote: > >> It's probably not the best thing, but I depend on the NAT gateway for > >>

Re: Does IPv6 preclude use of a NAT gateway?

2011-07-10 Thread Teemu Likonen
* 2011-07-10T13:57:47+02:00 * Stephan Seitz wrote: > Well, with IPv4 you have NAT, simply because you mostly don’t get more > than one IPv4 address from your provider. > > With IPv6 your provider should give you a network (at least /64 > meaning you have 2^64 - 1 hosts), because

Re: Does IPv6 preclude use of a NAT gateway?

2011-07-10 Thread Teemu Likonen
* 2011-07-10T10:48:46-03:00 * Henrique de Moraes Holschuh wrote: > On Sat, 09 Jul 2011, Randy Kramer wrote: >> It's probably not the best thing, but I depend on the NAT gateway for >> a lot of my security--with IPv6, will I still be able to do that? > > Please use a p

Re: Does IPv6 preclude use of a NAT gateway?

2011-07-10 Thread Henrique de Moraes Holschuh
On Sat, 09 Jul 2011, Randy Kramer wrote: > When I switch to IPv6, will I lose the ability to keep my computers > behind a NAT gateway? Yes, for the address translation. Unless you hack something with mobile-ipv6, or use filtering application level gateways (which are a far superior so

Re: Does IPv6 preclude use of a NAT gateway?

2011-07-10 Thread Camaleón
On Sun, 10 Jul 2011 07:11:06 -0400, Randy Kramer wrote: > Thanks to all who responded! I'll probably respond to several of those > posts because I didn't mention the other thing I get from NAT--that is, > I need only one address from my ISP, and I'm pretty sure my

Re: Does IPv6 preclude use of a NAT gateway?

2011-07-10 Thread Stephan Seitz
On Sun, Jul 10, 2011 at 07:14:59AM -0400, Randy Kramer wrote: The other feature I get from my NAT gateway (as I mention in another post) is the ability to run multiple computers on one IP address from my ISP, and without the ISP (easily, at least), knowing how many computers I'm running.

Complex IPv6 setup (was: Does IPv6 preclude use of a NAT gateway?)

2011-07-10 Thread Stephan Seitz
On Sat, Jul 09, 2011 at 09:47:59PM -0500, John Hasler wrote: Liam writes: The remote side will know your actual IP address... One of the 2^64 at your disposal. Well, if you found the owner via whois (e.g. if you are using Sixxs tunnel), it doesn’t matter if you change your IPs. Then again

Re: Does IPv6 preclude use of a NAT gateway?

2011-07-10 Thread Randy Kramer
William, Thanks for the reply! A followup below: On Saturday 09 July 2011 10:22:01 pm William Hopkins wrote: > On 07/09/11 at 05:14pm, Randy Kramer wrote: > > I just saw another question about IPv4 and NAT and IPv6, and that > > prompts this question: > > > > When I

Re: Does IPv6 preclude use of a NAT gateway?

2011-07-10 Thread Randy Kramer
Arno, Thanks for the reply! A followup below: On Saturday 09 July 2011 08:34:43 pm Arno Schuring wrote: > Randy Kramer (rhkra...@gmail.com on 2011-07-09 17:14 -0400): > > I just saw another question about IPv4 and NAT and IPv6, and that > > prompts this question: > > >

Re: Does IPv6 preclude use of a NAT gateway?

2011-07-10 Thread Randy Kramer
Stephan, Thanks for the reply! A followup below: On Saturday 09 July 2011 05:27:37 pm Stephan Seitz wrote: > On Sat, Jul 09, 2011 at 05:14:21PM -0400, Randy Kramer wrote: > >It's probably not the best thing, but I depend on the NAT gateway > > for a lot of my security--wit

Re: Does IPv6 preclude use of a NAT gateway?

2011-07-10 Thread Randy Kramer
Thanks to all who responded! I'll probably respond to several of those posts because I didn't mention the other thing I get from NAT--that is, I need only one address from my ISP, and I'm pretty sure my doesn't know how many computers I have behind my NAT gateway. I gues

Re: Does IPv6 preclude use of a NAT gateway?

2011-07-10 Thread Camaleón
On Sat, 09 Jul 2011 17:14:21 -0400, Randy Kramer wrote: > I just saw another question about IPv4 and NAT and IPv6, and that > prompts this question: > > When I switch to IPv6, will I lose the ability to keep my computers > behind a NAT gateway? Not necessarily. There are some d

Re: Does IPv6 preclude use of a NAT gateway?

2011-07-09 Thread William Hopkins
On 07/09/11 at 09:47pm, John Hasler wrote: > Liam writes: > > The remote side will know your actual IP address... > > One of the 2^64 at your disposal. Or more. The IETF recommendation is, generally, a /48 (so you can have subnets. you can subnet below /64 but then SLAAC won't work). Also, chang
