[GTALUG] NAT [was Re: Linux hardening question]
James Knott
james.knott at rogers.com
Mon Jul 3 08:59:48 EDT 2017
On 07/03/2017 01:44 AM, D. Hugh Redelmeier via talk wrote:
> I just assume that dhclient knows how to do this. But I'll have to
> look into it.
Actually, this is something that caused me problems. I used to use
openSUSE for my firewall, but it couldn't handle DHCPv6-PD. As a
result, I switched to pfSense for my firewall. However, a Linux
computer should be able to get an IPv6 address for itself, when
connected directly to the modem. The "PD" refers to prefix delegation
and it's how a router is assigned the LAN prefix.
BTW, previous to getting IPv6 from Rogers, I used a 6in4 tunnel to get
IPv6 from a tunnel broker. My openSUSE router/firewall worked fine with
this. I also had a /56 prefix then.
Some people recommend handing out /48 (2^80 addresses) prefixes to
everyone. There are enough of those to give every person on earth well
over 4000 of them and this is with only 1/8th of the entire IPv6 address
space allocated for global unicast addresses.
More information about the talk
mailing list