by aaronmdjones 2545 days ago
IPv6 works the same way.

Masquerading NAT is not a security feature. You need state tracking to build a masquerading NAT (so that your residential gateway knows which internal machine to route reply traffic to), and once you have state tracking, you can build a stateful firewall. It doesn't matter which version of IP is carrying the traffic, it still has to go through your gateway before it can get to you, and the gateway can do all the policing you want it to.

If you want certain services on your internal machines to be reachable from the outside over IPv6, you open up that service's port in your gateway's firewall configuration, which is ... exactly what you do for IPv4 too.

OpenWRT (a popular third-party residential gateway firmware) has a stateful IPv4 and IPv6 firewall and DHCPv6/PD support out of the box. You flash it, and if your ISP provides IPv6, you're done. If they don't, you can set up e.g. a 6in4 tunnel with Hurricane Electric, and you're done.

It's not complicated. Yes, you have to learn some things, but they're the same things you had to learn when you were starting out with IPv4.
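The argument in the comment above, modelled as an added example that is not part of the original comment: one flow table is what makes masquerading possible for IPv4, and the same table gives default-deny inbound filtering for IPv6 with no address rewriting. The `Gateway` class, its method names and all addresses (documentation ranges) are constructed for illustration and do not represent any real firmware's implementation.

```python
from ipaddress import ip_address

class Gateway:
    """Toy residential gateway: one flow table serves both NAT and filtering."""

    def __init__(self, wan_v4):
        self.wan_v4 = ip_address(wan_v4)
        # (proto, public addr, public port, remote addr, remote port) -> inside (addr, port)
        self.flows = {}
        # (proto, public addr, port) -> inside (addr, port), for opened services
        self.opened = {}
        self.next_port = 40000

    def outbound(self, proto, src, sport, dst, dport):
        """Record state for a LAN->WAN packet; return the source seen on the WAN."""
        src, dst = ip_address(src), ip_address(dst)
        if src.version == 4:
            # Masquerade: rewrite to the gateway's address and a fresh port.
            # Simplification: a real NAT reuses the mapping for an existing flow.
            pub = (self.wan_v4, self.next_port)
            self.next_port += 1
        else:
            # IPv6: the source is globally routable, so no rewrite is needed,
            # but the gateway still records exactly the same kind of state.
            pub = (src, sport)
        self.flows[(proto, *pub, dst, dport)] = (src, sport)
        return str(pub[0]), pub[1]

    def inbound(self, proto, src, sport, dst, dport):
        """Return the inside (addr, port) a WAN->LAN packet reaches, or None if dropped."""
        src, dst = ip_address(src), ip_address(dst)
        hit = self.flows.get((proto, dst, dport, src, sport))  # reply to a tracked flow
        if hit is None:
            hit = self.opened.get((proto, dst, dport))         # explicitly opened service
        return (str(hit[0]), hit[1]) if hit else None           # everything else: drop

    def open_port(self, proto, port, inside):
        """Allow new inbound connections to one service on one inside host."""
        inside = ip_address(inside)
        # IPv4 needs a forward from the WAN address; IPv6 is addressed directly.
        public = self.wan_v4 if inside.version == 4 else inside
        self.opened[(proto, public, port)] = (inside, port)
```
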