On 10/28/2011 08:37 PM, Paolo Galtieri wrote:
> According to most recent RFCs IPv6 addresses starting with 0xFD are
> considered unique local addresses. This is more or less equivalent
> to the IPv4 private addresses.
>
> I have the following IPv6 address configured on eth0
>
> fd00:::41/32
>
According to most recent RFCs IPv6 addresses starting with 0xFD are
considered unique local addresses. This is more or less equivalent to the
IPv4 private addresses.
I have the following IPv6 address configured on eth0
fd00:::41/32
When I run ifconfig eth0 I get:
eth0 Link encap:Ethe
On Sunday, January 02, 2011 05:40:00 pm Genes MailLists wrote:
>How does one manage your internal ip6 network so that an ISP change
> (which under NAT/ipv4 is irrelevant) - is straightforward/clean to manage ?
Somehow I missed this message that started the whole thread... Shame on me.
There a
On Sat, 2011-01-08 at 11:27 -0700, James McKenzie wrote:
> On 1/8/11 11:16 AM, Michael H. Warfield wrote:
- snip -
> > Oh lord WHY can we NOT make this myth go away?!?! The IPv6 spec does
> > NOT mandate the USE of IPsec. It only mandates the SUPPORT of IPsec.
> > To be IPv6 compliant you must
On 01/08/2011 01:16 PM, Michael H. Warfield wrote:
. Best practices in IPv4 are not
> (necessarily) best practices in IPv6 and vice versa.
>
I'd love to see a best practices writeup on ipv6 ...
since you point out ignorance is one of the problems (self confessed
participant in that but am
On 1/8/11 11:16 AM, Michael H. Warfield wrote:
> On Sat, 2011-01-08 at 10:57 -0700, James McKenzie wrote:
>> On 1/3/11 6:44 PM, Robert Nichols wrote:
>>> On 01/03/2011 06:31 PM, Michael H. Warfield wrote:
There is a wide spread myth that NAT and the fact that you are on
different addresse
On Sat, 2011-01-08 at 10:57 -0700, James McKenzie wrote:
> On 1/3/11 6:44 PM, Robert Nichols wrote:
> > On 01/03/2011 06:31 PM, Michael H. Warfield wrote:
> >> There is a wide spread myth that NAT and the fact that you are on
> >> different addresses some how bestows upon you some measure of secur
On 1/3/11 6:44 PM, Robert Nichols wrote:
> On 01/03/2011 06:31 PM, Michael H. Warfield wrote:
>> There is a wide spread myth that NAT and the fact that you are on
>> different addresses some how bestows upon you some measure of security.
>> As a leading security researcher, let me impress upon you
On Thursday, January 06, 2011 06:22:06 pm Michael H. Warfield wrote:
> You're just talking nameology here with this. Call it what you want,
> there is still a state engine at the heart of the NAT driving the NAT
> mappings.
Sent a reply off-list, as this type of discussion is really off-topic f
On Thu, 2011-01-06 at 13:30 -0500, Lamar Owen wrote:
> On Wednesday, January 05, 2011 07:51:19 pm Michael H. Warfield wrote:
> > On Wed, 2011-01-05 at 17:26 -0500, Lamar Owen wrote:
> > > I refer in particular to Cisco IOS NAT, IOS 12.4(23) mainline on a
> > > 7206/NPE-G1, using NAT pools and ove
On Thursday, January 06, 2011 01:30:45 pm Lamar Owen wrote:
> That is, given the NAT translation table snippet:
>
> tcp 10.10.10.10:52650 192.168.1.118:52650 74.125.67.99:8074.125.67.99:80
> tcp 10.10.10.10:1769 192.168.1.166:1769 74.125.67.99:8074.125.67.99:80
>
> And assuming no other t
On Wednesday, January 05, 2011 07:51:19 pm Michael H. Warfield wrote:
> On Wed, 2011-01-05 at 17:26 -0500, Lamar Owen wrote:
> > I refer in particular to Cisco IOS NAT, IOS 12.4(23) mainline on a
> > 7206/NPE-G1, using NAT pools and overloading. Incoming packets
> > addressed to the outside interf
--- Tim wrote:
> On Sun, 2011-01-02 at 17:40 -0500, Genes MailLists
> wrote:
> >How does one manage your internal ip6 network
> so that an ISP change
> > (which under NAT/ipv4 is irrelevant) - is
> straightforward/clean to
> > manage ?
>
> The simple answer is *DNS*.
>
> Only the [Kerber
On Wed, 2011-01-05 at 17:26 -0500, Lamar Owen wrote:
> On Tuesday, January 04, 2011 12:52:42 pm Marko Vojinovic wrote:
> > You have the exact same situation if you use IPv4 and NAT. The outside
> > system
> > has the IPv4 of your router, and can use that IP to scan for any open port
> > on
> >
On Tuesday, January 04, 2011 12:52:42 pm Marko Vojinovic wrote:
> You have the exact same situation if you use IPv4 and NAT. The outside system
> has the IPv4 of your router, and can use that IP to scan for any open port on
> your inside machine. Namely, once your NAT-ed machine initiates the
>
On 01/04/2011 11:52 AM, Marko Vojinovic wrote:
> On Tuesday 04 January 2011 01:44:36 Robert Nichols wrote:
>> On 01/03/2011 06:31 PM, Michael H. Warfield wrote:
>> The problem that I see is that any system to which I have ever made a
>> connection now has a nice, routable IPv6 address back to the m
On Mon, 2011-01-03 at 19:44 -0600, Robert Nichols wrote:
> The problem that I see is that any system to which I have ever made a
> connection now has a nice, routable IPv6 address back to the machine
> that made the connection and can start probing that machine to see if
> any vulnerable services m
On Mon, 2011-01-03 at 21:46 -0600, Dave Ihnat wrote:
> On Mon, Jan 03, 2011 at 07:31:37PM -0500, Michael H. Warfield wrote:
> > The IPv6 firewalls on Linux are just as good as the IPv4 firewalls. I
> > didn't start participating in IPv6 until I had decent firewalls. But
> > that was 10 years ago
On Mon, Jan 03, 2011 at 07:31:37PM -0500, Michael H. Warfield wrote:
> The IPv6 firewalls on Linux are just as good as the IPv4 firewalls. I
> didn't start participating in IPv6 until I had decent firewalls. But
> that was 10 years ago now at this point. That's old old news.
That's not my conce
On Mon, 2011-01-03 at 19:44 -0600, Robert Nichols wrote:
> On 01/03/2011 06:31 PM, Michael H. Warfield wrote:
> > There is a wide spread myth that NAT and the fact that you are on
> > different addresses some how bestows upon you some measure of security.
> > As a leading security researcher, let
On 01/03/2011 06:31 PM, Michael H. Warfield wrote:
> There is a wide spread myth that NAT and the fact that you are on
> different addresses some how bestows upon you some measure of security.
> As a leading security researcher, let me impress upon you that nothing
> could be further from the truth
On Mon, 2011-01-03 at 18:09 -0600, Dave Ihnat wrote:
> On Mon, Jan 03, 2011 at 04:14:58PM -0500, Michael H. Warfield wrote:
> > NAT is a vile and evil abomination which was created in a half assed
> > effort to extend the life of IPv4.
> Are you really proposing that all IPv6 addresses for LANs b
On 01/03/2011 06:09 PM, Dave Ihnat wrote:
> On Mon, Jan 03, 2011 at 04:14:58PM -0500, Michael H. Warfield wrote:
>> NAT is a vile and evil abomination which was created in a half assed
>> effort to extend the life of IPv4.
>
> Are you really proposing that all IPv6 addresses for LANs be exposed to
On Mon, Jan 03, 2011 at 04:14:58PM -0500, Michael H. Warfield wrote:
> NAT is a vile and evil abomination which was created in a half assed
> effort to extend the life of IPv4.
Are you really proposing that all IPv6 addresses for LANs be exposed to
the Internet? That's what I think I'm reading.
On Mon, 2011-01-03 at 11:00 -0500, Genes MailLists wrote:
> On 01/03/2011 01:55 AM, Michael Cronenworth wrote:
> > On 01/02/2011 04:40 PM, Genes MailLists wrote:
> >> How does one manage your internal ip6 network so that an ISP change
> >> (which under NAT/ipv4 is irrelevant) - is straightforw
On Sun, 2011-01-02 at 21:01 -0500, Genes MailLists wrote:
> On 01/02/2011 08:54 PM, Genes MailLists wrote:
> >
> >> Probably the simplest approach is to use a router appliance that groks
> >> IPv6 for the WAN, and IPv4 for the LAN. On a Linux system, if you want
> >> it to be your firewall--and a
On 01/03/2011 01:55 AM, Michael Cronenworth wrote:
> On 01/02/2011 04:40 PM, Genes MailLists wrote:
>> How does one manage your internal ip6 network so that an ISP change
>> (which under NAT/ipv4 is irrelevant) - is straightforward/clean to manage ?
>>
>
> At the moment I use radvd and update
On Mon, Jan 03, 2011 at 12:55:03AM -0600, Michael Cronenworth wrote:
> I hate to spoil your fun, but I have my internal network receiving IPv6
> addresses. I wouldn't have it any other way. :)
*Shrug*. Strokes. As long as you're not flooding the Internet with
your internal IP addresses, good on
On Sun, 2011-01-02 at 17:40 -0500, Genes MailLists wrote:
>How does one manage your internal ip6 network so that an ISP change
> (which under NAT/ipv4 is irrelevant) - is straightforward/clean to
> manage ?
The simple answer is *DNS*.
I don't email or web browse to numerical IP addresses. No
On 01/02/2011 04:40 PM, Genes MailLists wrote:
> How does one manage your internal ip6 network so that an ISP change
> (which under NAT/ipv4 is irrelevant) - is straightforward/clean to manage ?
>
At the moment I use radvd and update my DNS entries in my local bind server.
--
users mailing
On 01/02/2011 05:33 PM, Dave Ihnat wrote:
> Frankly, I don't expect most, if any, internal LANs to cut over to IPv6.
> There's no reason or point, and a lot of headaches. Instead, it should
> become the standard*outside* your router/firewall, and you can stay
> with IPv4 inside.
I hate to spoil
On Sunday, January 02, 2011 04:40:00 pm Genes MailLists wrote:
> There was some earlier discussion (mainly about NAT being now
> irrelevant in the face of ipv6).
>
> Question for you experts:
>
>How does one manage your internal ip6 network so that an ISP change
> (wh
On 01/02/2011 08:54 PM, Genes MailLists wrote:
>
>> Probably the simplest approach is to use a router appliance that groks
>> IPv6 for the WAN, and IPv4 for the LAN. On a Linux system, if you want
>> it to be your firewall--and a lot of us are hard-headed enough to do
>> so--I'd put in two NICs an
On 01/02/2011 06:33 PM, Dave Ihnat wrote:
> On Sun, Jan 02, 2011 at 06:19:48PM -0500, Genes MailLists wrote:
>> This issue must have a simple solution surely noone would design a
>> spanking new world and then make it hard for a not uncommon situation
>> (new isp) ?
>
> Well, think again. There
On Sun, Jan 02, 2011 at 06:19:48PM -0500, Genes MailLists wrote:
> This issue must have a simple solution surely noone would design a
> spanking new world and then make it hard for a not uncommon situation
> (new isp) ?
Well, think again. There are reasons people are dragging their feet
going to
On 01/02/2011 06:11 PM, Genes MailLists wrote:
> On 01/02/2011 06:08 PM, Itamar Reis Peixoto wrote:
>> On Sun, Jan 2, 2011 at 8:40 PM, Genes MailLists wrote:
>>> There was some earlier discussion (mainly about NAT being now
>>> irrelevant in the face of ipv6).
>&g
On 01/02/2011 06:08 PM, Itamar Reis Peixoto wrote:
> On Sun, Jan 2, 2011 at 8:40 PM, Genes MailLists wrote:
>> There was some earlier discussion (mainly about NAT being now
>> irrelevant in the face of ipv6).
>>
>> Question for you experts:
>>
>> How do
On Sun, Jan 2, 2011 at 8:40 PM, Genes MailLists wrote:
> There was some earlier discussion (mainly about NAT being now
> irrelevant in the face of ipv6).
>
> Question for you experts:
>
> How does one manage your internal ip6 network so that an ISP change
> (which under N
There was some earlier discussion (mainly about NAT being now
irrelevant in the face of ipv6).
Question for you experts:
How does one manage your internal ip6 network so that an ISP change
(which under NAT/ipv4 is irrelevant) - is straightforward/clean to manage ?
thanks!
--
users
39 matches
Mail list logo
