Hello, Is the following possible, or am I wasting my time? I am using shorewall(6) with default stable Debian Stretch on a box with four physical RJ45 ethernet connections (call them red, orange, blue, and green). I have a single main provider that does not yet provide native IPv6, but should eventually be the IPv6 main supplier, plus a fallback Hurricane Electric IPv6-in-IPv4 SIP tunnel. The only internet connection is via a modem linked to the red interface. The orange interface is connected to the DMZ, blue is for guests and general web access, green is the main protected network. The main supplier should eventually provide a native IPv6 address prefix, although I may not receive prior notification. The HE 6in4 tunnel provides a valid IPv6 address until I am assigned a main IPv6 address. All external connections should use a valid allocated IPv6 address prefix, but can I use valid private IPv6 addresses for internal traffic between zones: orange fd??:?:?:?f::/64, blue fd??:?:?:?e::/64, green fd??:?:?:?d::/64. These would be firewalled internal peer-to-peer connections, not input interfaces from different providers in the same way as the red and tunnel, but should they be treated as if from three additional providers? Thanks for any information. -- Chris Bell Website http://chrisbell.org.uk
------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot _______________________________________________ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users
