Today I was running apt-get update on my Fedora Core box running kernel
2.6 and noticed that the ayo.freshrpms.net name resolved first to an IPv6
address, which it tried, and then an IPv4 address, which worked.  I know
that IPv6 has been enabled on kernel 2.6 for some time now, but always
wondered how it was useful.  Then I read that Ask Slashdot post on using
IPv6 and that got me curious.  So I did a little investigation and found
out the following:

If your gateway supports IPv6 and IPv6 tunneling then you can assign
IPv6 addresses to each of your internal machines (heretofore natted on a
private IPv4 address) and after setting up routing, reach each computer
in the IPv6 address space even though you only have one IPv4 address.

The way this works is that you take your IPv6-enabled client, and set it
to use one of the many 6to4 gateways out there (even Microsoft runs
one).  This becomes your default IPv6 route.  The kernel will
encapsulate IPv6 traffic in IPv4 and send it to the gateway, which
either routes it onto the global IPv6 address space.

Since the machines in your private network that you are trying to reach
all have the special IPv6 48-bit prefix (which encodes your real IPv4
address), the gateway can then put the traffic back on the wire and send
it to your IPv4 gateway, which decodes the traffic and routes it
internally.

The scenario I just described has a couple of huge drawbacks.  First,
all your traffic goes through this 6to4 gateway (twice) which you don't
control or trust.  Second, you'll need to firewall at your gateway as if
each host is public (which it now is).  This shouldn't be a problem,
though, since that's a good practice anyway.  NATting has just made us
lazy.

Any corrections on my understanding?  This seems really cool, and
possible to set up and run today, given a bit of tweaking and hacking. 
If we ever see hardware Linksys cheap routers that support IPv6 (at the
gateway), I think this would be really cool, although it might open up a
whole bunch of new security problems from lazy people everywhere.  I
think that getting rid of NAT as a widespread connection method is a
good thing, though.  IPv6 eliminates the need for the majority of
private address spaces.

Michael
-- 
Michael Torrie <[EMAIL PROTECTED]>
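
An added example, not part of the original post: how the 6to4 /48 prefix (2002::/16, RFC 3056) encodes the gateway's public IPv4 address, which global address each internal host ends up with, and how to recover the embedded IPv4 from an address seen in a firewall log. The ingress check for non-routable embedded addresses goes beyond the post (it follows the RFC 3964 recommendations); the function names, the sample addresses (documentation range 192.0.2.0/24) and the subnet/interface numbers are constructed for illustration.

```python
import ipaddress

SIXTOFOUR = ipaddress.IPv6Network("2002::/16")  # 6to4 prefix, RFC 3056

# Embedded IPv4 ranges that can never be a legitimate 6to4 gateway
# (explicit list, per the RFC 3964 recommendations).
BOGUS_V4 = [ipaddress.IPv4Network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/4")]

def sixtofour_prefix(public_v4):
    """Return the /48 derived from one public IPv4 address: 2002:V4ADDR::/48."""
    v4 = int(ipaddress.IPv4Address(public_v4))
    return ipaddress.IPv6Network(((0x2002 << 112) | (v4 << 80), 48))

def host_address(public_v4, subnet_id, iface_id):
    """Global address of an internal host: /48 prefix + 16-bit subnet + 64-bit interface id."""
    base = int(sixtofour_prefix(public_v4).network_address)
    return ipaddress.IPv6Address(base | (subnet_id << 64) | iface_id)

def embedded_v4(addr):
    """IPv4 address encoded in a 6to4 address, or None if addr is outside 2002::/16."""
    return ipaddress.IPv6Address(addr).sixtofour

def classify(addr):
    """Label a source address from a log line for the gateway firewall."""
    v4 = embedded_v4(addr)
    if v4 is None:
        return "not-6to4"
    if any(v4 in net for net in BOGUS_V4):
        return "drop"  # embedded IPv4 is private/loopback/multicast: spoofed or misconfigured
    return "ok"

if __name__ == "__main__":
    gw = "192.0.2.4"  # constructed: the single public IPv4 address of the NAT gateway
    print("site prefix:", sixtofour_prefix(gw))
    # constructed internal hosts: (subnet id, interface id)
    for name, subnet, iface in [("desktop", 1, 0x10), ("laptop", 1, 0x11)]:
        print(name, "is globally reachable at", host_address(gw, subnet, iface))
    # constructed source addresses as they might appear in a firewall log
    for src in ["2002:c000:204:1::10", "2002:c0a8:101::1", "2001:db8::1"]:
        print(src, "->", embedded_v4(src), classify(src))
```

Every address printed by host_address() is reachable from the IPv6 Internet unless the gateway filters it, which is why the firewall rules have to be written per host rather than relying on NAT.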
