Re: ipv6 question

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Michael Casey <michaelcasey73@xxxxxxxxx> writes:
> If I would have an IPv6 address [home pc, behind a router - supporting
> ipv6 e.g.: openwrt, ISP gives ipv6], then I can see an IPv6 address with
> ifconfig, on the PC e.g.: "Z"
> So that's my "very unique address". - "Z"
>
> Can that be "seen on the internet", the "Z" address? so anyone can ping me
> from outside, or do an nmap?

If your firewall allows such mapping and you have a global ipv6 address
then yes, you can be pinged, nmap-ed etc.  Here is what a globally
mapped IPv6 would look like:

eth0      Link encap:Ethernet  HWaddr 00:0F:B0:C5:EB:99  
          inet addr:192.83.197.13  Bcast:192.83.197.127  Mask:255.255.255.128
          inet6 addr: 2001:5a8:4:7d0:20f:b0ff:fec5:eb99/64 Scope:Global
          inet6 addr: fe80::20f:b0ff:fec5:eb99/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:45262 errors:0 dropped:0 overruns:0 frame:0
          TX packets:40316 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:43622749 (41.6 MiB)  TX bytes:21376741 (20.3 MiB)
          Interrupt:22 Base address:0x2400 

In general, I think you'll want to make sure you run
system-config-firewall on all your machines and only allow a minimum of
services that you *really* trust on your IPv6 connected clients.  My
machines tend to only allow incoming ssh and nothing else unless the
data stream is opened from the client side.

> Or are there private addresses what the router gives to my pc.: eg.: with
> ipv4 a router could give 192.168.1.10... and that IP couldn't be
> pinged/nmapped from outside (More Secure???)
> Because I heard that there will be no NAT with IPv6?

NAT isn't needed if all you want is firewalling.  If you stick to
operating systems that supply usable built-in firewalls you'll be ok.

-wolfgang
-- 
Wolfgang S. Rupprecht              Android 1.5 (Cupcake) and Fedora-11

-- 
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines

[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux