[CentOS] IPV4 is nearly depleted, are you ready for IPV6?

Brian Mathis brian.mathis at gmail.com
Tue Dec 7 00:27:59 UTC 2010


On Mon, Dec 6, 2010 at 6:28 PM, Bob McConnell <rmcconne at lightlink.com> wrote:
> No, the downside is that each address used will be exposed to the world.
> I consider that a serious security flaw. Having my ISP know how many
> computers I have is a minor issue covered by the contract I have with
> them. But having all of those addresses exposed to Russian mobsters,
> terrorists, crackers and everyone else that knows how to capture packets
> is another matter altogether. If IPv6 exposes that information to the
> world, it is definitely unsafe to use.
>
> Bob McConnell
> N2SPP

The design of IPv4 requires that all systems have unique addresses,
just like IPv6 does.  NAT caused a huge uproar in the community when
it was introduced because it broke this fundamental tenet of the
Internet.  This is why all of those old protocols referred to here are
broken by NAT -- because they always assumed the Internet would work
as it was designed.

IPv6 merely restores this ability by giving enough address space for
everyone again.  It RESTORES the original design of the Internet.

What you are talking about is a FIREWALL, which is NOT THE SAME THING
as a NAT router.  You are enjoying a side-effect of NAT by thinking it
is a firewall.  If you want a firewall with IPv6, THERE IS NO PROBLEM
WITH THAT.  You can have a firewall and do all the blocking of Russian
mobsters you want.  You can easily set a firewall to have the same
effect as your current NAT setup (allow all outgoing traffic, block
incoming traffic).  Once IPv6 becomes pervasive, this will even be
just as easy as setting up your NAT router is now.  A "firewall" in
this case does not mean software running on your computer, it means a
box that you plug in between your two networks, just like you do now
with the NAT router.

Arguing any differently only shows that you're used to doing things a
certain way, and don't want to change.  That's a natural human
reaction to change, but you need to get over that impulse and realize
that you can still do what you want as long as you take the time to
understand.
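
The policy described in the message above (allow all outgoing traffic, block unsolicited incoming traffic, no address translation), as an added example that is not part of the original post. It assumes a Linux router using ip6tables with connection tracking; the function name and the interface names `eth1` (LAN) and `eth0` (WAN) are hypothetical. The function only prints the commands so they can be reviewed before being applied.

```shell
#!/bin/sh
# Added example, not from the original post: print the ip6tables commands
# for a stateful IPv6 forwarding policy that behaves like a typical home
# NAT router (outbound allowed, unsolicited inbound dropped) while every
# LAN host keeps its own global address.
# ipv6_forward_policy is a hypothetical helper name.
ipv6_forward_policy() {
    lan_if=$1
    wan_if=$2

    # Interface names are interpolated into command lines, so accept only
    # characters that are valid in an interface name and nothing else.
    for ifname in "$lan_if" "$wan_if"; do
        case $ifname in
            ''|*[!A-Za-z0-9_.-]*)
                echo "invalid interface name: '$ifname'" >&2
                return 1
                ;;
        esac
    done
    if [ "$lan_if" = "$wan_if" ]; then
        echo "LAN and WAN interfaces must differ" >&2
        return 1
    fi

    # 1. Default-deny anything routed through the box.
    # 2. Accept replies to tracked flows; RELATED also admits ICMPv6 errors
    #    (for example Packet Too Big) tied to a flow, which path MTU
    #    discovery depends on.
    # 3. Accept traffic that enters on the LAN side and leaves on the WAN.
    # No rule accepts new flows arriving on the WAN side, so they hit the
    # DROP policy.
    cat <<EOF
ip6tables -P FORWARD DROP
ip6tables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
ip6tables -A FORWARD -i $lan_if -o $wan_if -j ACCEPT
EOF
}
```

Run `ipv6_forward_policy eth1 eth0` to see the commands, and pipe the output to `sh` as root once the interface names match the router. The rules cover only forwarded traffic; the router's own INPUT chain is a separate policy.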


