[rhelv6-list] IPv6 adoption with RHEL6 (and GNU/Linux in general)
thias at spam.spam.spam.spam.spam.spam.spam.egg.and.spam.freshrpms.net
Wed Jan 12 19:04:18 UTC 2011
Benjamin Franz wrote :
> On 01/12/2011 05:22 AM, Matthias Saou wrote:
> > I know the reasons for the lack of NAT support, which are given over and
> > over again. But here is my real world issue with them :
> > All of the networks I manage have at least one or more points where
> > multiple hosts are connected with a single network interface to a
> > network which is not routed to the outside, but translated instead.
> > Some other hosts have two interfaces and are connected to both this
> > private/internal network and to another where they have routable IPv4
> > addresses.
> So carve up your IPv6 allocation into chunks for your previously private
> subnets, setup routes for them, and firewall off incoming connections to
> the private ones at your router/firewalls. You have no shortage of spare
> IPs when you get a IPv6 allocation.
> I'm not getting the issue. All you lose is the many real ips hidden
> behind one public ip effect. They still reach the internet, they can
> still be grouped together, they can still be made unreachable from the
> broader world by your firewalls. What doesn't it do that you need?
The change you suggest implies routing an IPv6 network (the one for the
private IPv4 hosts) behind the IPv6 address of another network (the one
where the IPv4 NAT host is). This means that local routing is required
where there was none before, and you also need to start filtering some
inbound forwarded traffic where you didn't need to before.
Hence my rant about a 1:1 mapping of both IPv4 and IPv6 stacks on a
very typical network layout not being possible.
Clean custom Red Hat Linux rpm packages : http://freshrpms.net/
Fedora release 14 (Laughlin) - Linux kernel 126.96.36.199-72.fc14.x86_64
Load : 0.06 0.41 0.60
More information about the rhelv6-list