On Mon, Jul 11, 2011 at 10:13 PM, Scott Ferguson <prettyfly.producti...@gmail.com> wrote: > On 12/07/11 07:58, Paul E Condon wrote: >> On 20110710_225108, Erwan David wrote: >>> On 10/07/11 20:34, Randy Kramer wrote: >>>> >>>>> Also, ipv6 firewalling is very annoying on the gateway (due to >>>>> the icmpv6 filtering which must be done right). When >>>>> possible, get a script that does most of it right for you (or >>>>> check RFC 4890). >>>> >>>> Sounds like good advice. >>>> >>>> Randy Kramer >>>> >>> >>> shorewall6 is quite good at setting the rules for IPv6. >> >> I am puzzled by this discussion. Without going into any features of >> IPv6, the reason NAT works for IPv4 that I have been taught is the >> 192.168.xxx.xxx are illegal on the actual internet. > > Correction (pedantic semantics), not *illegal*, just not supposed to be > used in Class A environments (because it won't work). You *will* find > class C addresses used on internet exposed boxen - you just won't be > able to load the links (DNS doesn't cope with duplicate IP entries).
Oh, my. You can load the IP addresses *directly*, by IP address, and access them if you have a route to them. This is quite common inside VPN's, and as an example is common to all of AOL's internal server address space (which uses the 10.0.0.0/24 address space, or did a few years ago.) It's also common in internal networks where 192.168.1.0/24 might be dedicated to a demilitarized zone for external servers, 192.168.2.0/24 might be your internal hosts, 192.168.100.0/24 is dedicated for idiots who connect internal NAT gateways, etc. The lack of routes to to such non-routable address ranges is a *convention*, (http://en.wikipedia.org/wiki/Private_network), and published in numerous RFC's. IPv6 has its own..... ideas about how to deal with thus, but it certainly has reserved, non-routable address spaces. -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/caocn9rwpcl7q3wwjqj+uhbpfyndgfk7fr7o51kfx3hyggyz...@mail.gmail.com
