ipv6 question
Wolfgang S. Rupprecht
wolfgang.rupprecht+gnus200905 at gmail.com
Mon Jun 1 03:57:06 UTC 2009
Michael Casey <michaelcasey73 at gmail.com> writes:
> If I would have an IPv6 address [home pc, behind a router - supporting
> ipv6 e.g.: openwrt, ISP gives ipv6], then I can see an IPv6 address with
> ifconfig, on the PC e.g.: "Z"
> So that's my "very unique address". - "Z"
>
> Can that be "seen on the internet", the "Z" address? so anyone can ping me
> from outside, or do an nmap?
If your firewall allows such mapping and you have a global ipv6 address
then yes, you can be pinged, nmap-ed etc. Here is what a globally
mapped IPv6 would look like:
eth0 Link encap:Ethernet HWaddr 00:0F:B0:C5:EB:99
inet addr:192.83.197.13 Bcast:192.83.197.127 Mask:255.255.255.128
inet6 addr: 2001:5a8:4:7d0:20f:b0ff:fec5:eb99/64 Scope:Global
inet6 addr: fe80::20f:b0ff:fec5:eb99/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:45262 errors:0 dropped:0 overruns:0 frame:0
TX packets:40316 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:43622749 (41.6 MiB) TX bytes:21376741 (20.3 MiB)
Interrupt:22 Base address:0x2400
In general, I think you'll want to make sure you run
system-config-firewall on all your machines and only allow a minimum of
services that you *really* trust on your IPv6 connected clients. My
machines tend to only allow incoming ssh and nothing else unless the
data stream is opened from the client side.
> Or are there private addresses what the router gives to my pc.: eg.: with
> ipv4 a router could give 192.168.1.10... and that IP couldn't be
> pinged/nmapped from outside (More Secure???)
> Because I heard that there will be no NAT with IPv6?
NAT isn't needed if all you want is firewalling. If you stick to
operating systems that supply usable built-in firewalls you'll be ok.
-wolfgang
--
Wolfgang S. Rupprecht Android 1.5 (Cupcake) and Fedora-11
More information about the users
mailing list