On 05/12/10 14:21, Tom H wrote: > On Sun, Dec 5, 2010 at 8:13 AM, RedShift <redshift at pandora.be> wrote: >> On 12/05/10 12:50, Rudi Ahlers wrote: >>> >>> (http://www.internetnews.com/infra/article.php/3915471/IPv4+Nearing+Final+Days.htm), >> >> Haven't switched yet, I have IPv6 at home using sixxs. >> >> I can't even figure out what address ranges are reserved for private use, is there even such a concept in IPv6? > > I think that site-local ("fec0:: - fef::") is the ipv6 > more-or-less-equivalent of ipv4 private addresses. Yes, that's correct and it is deprecated. <http://www.ietf.org/rfc/rfc3879.txt> With IPv6 there is plenty of addresses for everyone so you basically use your own assigned official IPv6 address space and setup your own private /64 net and block that subnet in your firewalls. Another thing, there is no NAT and it will not be implemented as we know it in IPv4. To call NAT a security feature is also a faulty understanding. As NAT only prevents access from outside to some computer inside a network which is NAT'ed. This restriction and filtering is the task of the firewall anyway, which does the NAT anyway. NAT basically just breaks a lot of protocols and enforces complex firewalls which needs to understand a lot of different protocols to be able to do things correctly. Which often do not work as well as it could. kind regards, David Sommerseth