Boston Linux & Unix (BLU) Home | Calendar | Mail Lists | List Archives | Desktop SIG | Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings
Linux Cafe | Meeting Notes | Blog | Linux Links | Bling | About BLU

BLU Discuss list archive


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

IPv6 and Firewall traversal



As I recall from previous discussion here and on other lists...

 

One of the barriers to widespread deployment of IPv6 is fear about security.
People have come to rely on their IPv4 NAT as a form of inbound packet
filter.  So moving forward, it seems only natural that (for people who agree
with this policy) a lot of IPv6 firewalls will need to be configured to
block all inbound IPv6 traffic and permit all outbound.  Unfortunately, this
defeats the main value-add of IPv6, which is peer-to-peer.

 

So logically, it seems natural, a lot of IPv6 firewalls will need to support
things like NAT-PMP, or IGD, so the internal devices can automatically
configure inbound ports to enable peer-to-peer, whilst maintaining a
reasonably secure perimeter firewall.  This allows you to block all
unsolicited inbound traffic, but allow clients to communicate with solicited
peers for firewall traversal.  (And at some point, it seems natural that
some authentication scheme will be necessary, so only specific applications
and/or specific machines will be able to use that functionality, etc.)

 

Now the question I have is ... Neither NAT-PMP, nor IGD seem to support
IPv6.  So what up?

 






BLU is a member of BostonUserGroups
BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.

Valid HTML 4.01! Valid CSS!



Boston Linux & Unix / webmaster@blu.org