On 06/06/10 05:01 AM, Antonio Perez wrote: > H.S. wrote: > > You don't need to assign different blocks to each NIC, all your network > needs only one block of addresses. It is, however, a good idea, security > wise, to keep them apart.
hmmm. > >> So, I had to assign address from HEX2:bb00::/56 range. One network was >> eth1 (HEX2:bb00::) and another was eth0 (HEX2:bb01::). Basically, the >> two NICs in the same machine need to be on different IPv6 networks ... >> same as in IPv4 (Doh!). > > Not really. > Okay. Clearly, I am yet to understand this IPv6 stuff better. >> Now, do the above observations mean I am now correctly using my IPv6 >> networking and ppp connection given by my ISP? Also, what is the >> HEX2::/64 address given to me by my ISP for? > > The only thing which is really missing in your setup is firewall. Iptables > has a dual personality (reflecting the dual stack devices), there is the <SNIP> > Also be sure to set a firewall for IPv6, remember that IPv6 is independent > of IPv4 and allows external computers to connect to your systems, even > behind the "Debian router": > http://www.cyberciti.biz/faq/ip6tables-ipv6-firewall-for-linux/ > http://www.exp-networks.be/blog/ipv6-firewall/ > http://www.debian-administration.org/article/Is_your_firewall_IPv6_aware > > This programs for firewall setting in debian may be of help: > http://wiki.debian.org/Firewalls > Shorewall seems to be a good choice. Thanks for all these pointers. I need to get my fundamentals regarding IPv6 straight. I was also ready looking around for an IPv6 firewall. For my IPv4 setting, I use my own custom written iptables script. For IPv6, I will start with Shorewall, based on your suggestion. Thanks, again. Regards. -- Please reply to this list only. I read this list on its corresponding newsgroup on gmane.org. Replies sent to my email address are just filtered to a folder in my mailbox and get periodically deleted without ever having been read. -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/hugcn1$fd...@dough.gmane.org
