[Gllug] IPv6 and firewalls

Robert McKay robert at mckay.com
Thu Aug 13 09:06:41 UTC 2009


On Thu, Aug 13, 2009 at 9:23 AM, Chris Bell <chrisbell at 3966.ukfsn.org>wrote:

> Hello,
>   I am using IPCop at the moment, and that provides several services
> including port scan detection, etc, as well as masquerading. There is a
> mention of an IPv6 capable version in the future, but none in testing at
> present, and I do not know what is proposed for the future.
>   One problem I can see if there is a complete switch to IPv6 is that older
> specialist IPv4 equipment could benefit from something similar to NAT, but
> I
> have not yet seen anything that might help


You can get by with a proxy server - either HTTP or SOCKS5 to allow IPv6 or
IPV4 only hosts to talk to the IPv4 or IPv6 network. I'm not sure if
anything better will come along but this isn't really that bad.

The main reason NAT like solutions dont really exist is you would need to
hack up DNS lookups/replies so that they returned some sort of dummy IP the
NAT could recognize. I'm not sure that this kind of hack would ever really
be satisfactory. Proxies already work perfectly and support is built into
most clients that you normally use.

Rob
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.lug.org.uk/pipermail/gllug/attachments/20090813/3cfc763e/attachment.html>
-------------- next part --------------
-- 
Gllug mailing list  -  Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug


More information about the GLLUG mailing list