ipv6 question

Wolfgang S. Rupprecht wolfgang.rupprecht+gnus200905 at gmail.com
Mon Jun 1 03:57:06 UTC 2009


Michael Casey <michaelcasey73 at gmail.com> writes:
> If I would have an IPv6 address [home pc, behind a router - supporting
> ipv6 e.g.: openwrt, ISP gives ipv6], then I can see an IPv6 address with
> ifconfig, on the PC e.g.: "Z"
> So that's my "very unique address". - "Z"
>
> Can that be "seen on the internet", the "Z" address? so anyone can ping me
> from outside, or do an nmap?

If your firewall allows such mapping and you have a global ipv6 address
then yes, you can be pinged, nmap-ed etc.  Here is what a globally
mapped IPv6 would look like:

eth0      Link encap:Ethernet  HWaddr 00:0F:B0:C5:EB:99  
          inet addr:192.83.197.13  Bcast:192.83.197.127  Mask:255.255.255.128
          inet6 addr: 2001:5a8:4:7d0:20f:b0ff:fec5:eb99/64 Scope:Global
          inet6 addr: fe80::20f:b0ff:fec5:eb99/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:45262 errors:0 dropped:0 overruns:0 frame:0
          TX packets:40316 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:43622749 (41.6 MiB)  TX bytes:21376741 (20.3 MiB)
          Interrupt:22 Base address:0x2400 

In general, I think you'll want to make sure you run
system-config-firewall on all your machines and only allow a minimum of
services that you *really* trust on your IPv6 connected clients.  My
machines tend to only allow incoming ssh and nothing else unless the
data stream is opened from the client side.

> Or are there private addresses what the router gives to my pc.: eg.: with
> ipv4 a router could give 192.168.1.10... and that IP couldn't be
> pinged/nmapped from outside (More Secure???)
> Because I heard that there will be no NAT with IPv6?

NAT isn't needed if all you want is firewalling.  If you stick to
operating systems that supply usable built-in firewalls you'll be ok.

-wolfgang
-- 
Wolfgang S. Rupprecht              Android 1.5 (Cupcake) and Fedora-11




More information about the fedora-list mailing list