Michael Casey michaelcasey73@gmail.com writes:
If I would have an IPv6 address [home pc, behind a router - supporting ipv6 e.g.: openwrt, ISP gives ipv6], then I can see an IPv6 address with ifconfig, on the PC e.g.: "Z" So that's my "very unique address". - "Z"
Can that be "seen on the internet", the "Z" address? so anyone can ping me from outside, or do an nmap?
If your firewall allows such mapping and you have a global ipv6 address then yes, you can be pinged, nmap-ed etc. Here is what a globally mapped IPv6 would look like:
eth0 Link encap:Ethernet HWaddr 00:0F:B0:C5:EB:99 inet addr:192.83.197.13 Bcast:192.83.197.127 Mask:255.255.255.128 inet6 addr: 2001:5a8:4:7d0:20f:b0ff:fec5:eb99/64 Scope:Global inet6 addr: fe80::20f:b0ff:fec5:eb99/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:45262 errors:0 dropped:0 overruns:0 frame:0 TX packets:40316 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:43622749 (41.6 MiB) TX bytes:21376741 (20.3 MiB) Interrupt:22 Base address:0x2400
In general, I think you'll want to make sure you run system-config-firewall on all your machines and only allow a minimum of services that you *really* trust on your IPv6 connected clients. My machines tend to only allow incoming ssh and nothing else unless the data stream is opened from the client side.
Or are there private addresses what the router gives to my pc.: eg.: with ipv4 a router could give 192.168.1.10... and that IP couldn't be pinged/nmapped from outside (More Secure???) Because I heard that there will be no NAT with IPv6?
NAT isn't needed if all you want is firewalling. If you stick to operating systems that supply usable built-in firewalls you'll be ok.
-wolfgang