IPv6 anywhere?

General questions.
Post Reply
yanestrb
Posts: 2
Joined: October 29th, 2019, 1:05 am

IPv6 anywhere?

Post by yanestrb » October 29th, 2019, 1:16 am

My Internet provider has silently introduced IPv6, and that means, local router DHCP assigns you a private IPv4 address (which is known) and a public IPv6 adress (which is dynamic and seems to be constructed in part by the client). How can I cope with the IPv6 address?

I think IPv6 is very much like being caught trousers down if you have a fancy IPv4 firewall that ignores IPv6.

gpatel-fr
Posts: 51
Joined: July 24th, 2019, 7:59 am

Re: IPv6 anywhere?

Post by gpatel-fr » October 29th, 2019, 3:18 pm

yanestrb wrote:
October 29th, 2019, 1:16 am
I think IPv6 is very much like being caught trousers down if you have a fancy IPv4 firewall that ignores IPv6.
That may be a concern only if you have an atypical setup.
Normally you have

Internet (IP4, IP6) ---- Firewall --- Internel network (IP4)

in this case if you have IPV6 at the internet level it is of no consequence.

If you have something like that

Internet --- Firewall --- Internal network
!------------------- Internal network

in other words, if you rely on the stations to be cooperative with the firewall to access Internet only through the firewall, it can be a problem indeed.
In this special case, a station could bypass the firewall if setup with an IPv6 stack; a malicious IPv6 host accessed on the Internet could attack back directly the station (a scan from the internet is implausible since usually a /64 is granted by the ISP, far too much to be scanned).

Just do a standard setup and you are safe.

yanestrb
Posts: 2
Joined: October 29th, 2019, 1:05 am

Re: IPv6 anywhere?

Post by yanestrb » October 31st, 2019, 7:25 am

If the clients don't know they can use IPv6, they wouldn't use it. But there are a lot of servers (mainly, web services) which have no IPv4 address. There is no way to them except by making use of IPv6.

IPv4 addresses are gone, now for the 274th time, and I don't know if should take that seriously this time, But we can't stay with obsolete technology much longer, I guess.

There should be an IPv6 capable solution...

cfusco
Posts: 184
Joined: March 23rd, 2015, 4:19 pm

Re: IPv6 anywhere?

Post by cfusco » November 1st, 2019, 7:09 am

yanestrb wrote:
October 31st, 2019, 7:25 am
If the clients don't know they can use IPv6, they wouldn't use it. But there are a lot of servers (mainly, web services) which have no IPv4 address. There is no way to them except by making use of IPv6.

IPv4 addresses are gone, now for the 274th time, and I don't know if should take that seriously this time, But we can't stay with obsolete technology much longer, I guess.

There should be an IPv6 capable solution...
IPv6 is being developed for IPFire 3. The project has limited resources and has to make choices on how to allocate them. Their project, their priorities. Having said that, you can do something: read and implement the instructions written in the wiki page I linked above.

It's a major pain in the neck. Not only that, but after you manage to do everything right, you either do not update anymore, or you repeat all the steps after you update to a new version of IPFire (better yet, you write a script to do that). Painful, but it can be done.
Image

Post Reply