On Mon, 2010-12-06 at 17:15 -0500, Bob McConnell wrote:
> > So, spending one or two or 100s /64 subnets with public IPv6 addresses
> > which is completely blocked in a firewall will serve exactly the same
> > purpose as a site-local subnet. But this /64 net may get access to the
> > Internet *if* allowed by the firewall. This is not possible with
> > site-local at all. And of course, this is without NAT in addition.
> > I hope this made it a little bit clearer.
>
> Clear as mud. If I understand you correctly, I have to say that IPv6 is
> broken by design.

It isn't.

> I have a double handful of computers on my home
> network. Each of them needs access to the Internet to get updates to the
> OS and various applications. However, I do *NOT* want each and every one
> of them to show up as a unique address outside of my network.

Why? Things will only work better. NAT is not some magic sauce, it is a *HACK*.

> With IP4
> and m0n0wall running as the NAT, they are all translated to the single
> IP address that Roadrunner assigned to my Firewall. I need to continue
> that mapping.

Why? There is no reason. You are wrong, you do *NOT* need to "continue that mapping". That mapping is pointless.

> If IPv6 cannot do that, then I hope Time-Warner continues
> to ignore it and stays with their current address structure.