Michael Casey <michaelcasey73(a)gmail.com> writes:
If I would have an IPv6 address [home pc, behind a router -
supporting
ipv6 e.g.: openwrt, ISP gives ipv6], then I can see an IPv6 address with
ifconfig, on the PC e.g.: "Z"
So that's my "very unique address". - "Z"
Can that be "seen on the internet", the "Z" address? so anyone can
ping me
from outside, or do an nmap?
If your firewall allows such mapping and you have a global ipv6 address
then yes, you can be pinged, nmap-ed etc. Here is what a globally
mapped IPv6 would look like:
eth0 Link encap:Ethernet HWaddr 00:0F:B0:C5:EB:99
inet addr:192.83.197.13 Bcast:192.83.197.127 Mask:255.255.255.128
inet6 addr: 2001:5a8:4:7d0:20f:b0ff:fec5:eb99/64 Scope:Global
inet6 addr: fe80::20f:b0ff:fec5:eb99/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:45262 errors:0 dropped:0 overruns:0 frame:0
TX packets:40316 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:43622749 (41.6 MiB) TX bytes:21376741 (20.3 MiB)
Interrupt:22 Base address:0x2400
In general, I think you'll want to make sure you run
system-config-firewall on all your machines and only allow a minimum of
services that you *really* trust on your IPv6 connected clients. My
machines tend to only allow incoming ssh and nothing else unless the
data stream is opened from the client side.
Or are there private addresses what the router gives to my pc.: eg.:
with
ipv4 a router could give 192.168.1.10... and that IP couldn't be
pinged/nmapped from outside (More Secure???)
Because I heard that there will be no NAT with IPv6?
NAT isn't needed if all you want is firewalling. If you stick to
operating systems that supply usable built-in firewalls you'll be ok.
-wolfgang
--
Wolfgang S. Rupprecht Android 1.5 (Cupcake) and Fedora-11