IPv6, firewall issues and numbering schemes

Michael Kjorling michael@kjorling.com
Tue, 4 Dec 2001 21:23:39 +0100 (CET)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hello all,

Long time lurker who wants to get involved with IPv6. My main problem
is that I have a firewall that only allows me to specify TCP, UDP and
ICMP or "default" (I don't know if this is IP, or _any_ traffic, and
the manual provides little clue) allow/reject rules. Yes, I know this
sucks, but it is what I've got right now and it's a separate hardware
box so it's not as simple as replacing the software with something
else. Well, on to my question.

Is it possible to set up at least an IPv4 tunnel so that I can gain
external IPv6 connectivity, with this firewall still in place? Or will
I have to bitch at the manufacturer, or even ditch that box for
something more flexible?

I haven't really dug into IPv6 yet since it seems pretty pointless
to have only two or three computers talk IPv6 to each other on a LAN -
however, if I can reasonably expect external connectivity to work, it
suddenly comes in an all different light.

Also if someone would care to point me to some documents specifying a
common or recommended IPv6 numbering scheme, that would be great. I
have been thinking about using the 64-bit local part as 48 bit MAC
address + 16 bit counter, but this would mean addresses that are even
harder to remember than usual, and may have security implications as
well (publishing local addresses in global DNS). Suggestions or
pointers on this topic are also greatly appreciated!

Thanks in advance,


Michael Kjörling

- -- 
Michael Kjörling  --  Programmer/Network administrator  ^..^
PGP: 95f1 074d 336d f8f0 f297 6a5b 2aa3 7bfd 8a70 e33e   \/
Internet: michael@kjorling.com -- FidoNet: 2:204/254.4

"There is something to be said about not trying to be glamorous
and popular and cool. Just be real -- and life will be real."
(Joyce Sequichie Hifler, September 13 2001, www.hifler.com)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: Public key is at http://michael.kjorling.com/contact/pgp.html

iD8DBQE8DTDOKqN7/Ypw4z4RAsHzAKDZxgcb/GCkI/l+o5r8MQzO+kDSqwCgg58C
gVmEqWpJ3HPT/3AEoVNsD2I=
=5yOs
-----END PGP SIGNATURE-----
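
The numbering idea raised in the message above (48-bit MAC address + 16-bit counter as the 64-bit local part), worked through as an added example that is not part of the original post. It goes one step beyond the message by also building the modified EUI-64 identifier (RFC 4291, Appendix A) for comparison, and shows that under either layout the hardware address can be read back out of a published address. The /64 prefix (documentation range), the MAC address and all function names are constructed for illustration.

```python
import ipaddress

def parse_mac(mac: str) -> bytes:
    """Parse aa:bb:cc:dd:ee:ff (or dash-separated) into 6 raw bytes."""
    parts = mac.replace("-", ":").split(":")
    if len(parts) != 6:
        raise ValueError("MAC address must have six octets")
    return bytes(int(p, 16) for p in parts)

def iid_mac_counter(mac: str, counter: int) -> bytes:
    """Scheme from the message: 48-bit MAC followed by a 16-bit counter."""
    if not 0 <= counter <= 0xFFFF:
        raise ValueError("counter must fit in 16 bits")
    return parse_mac(mac) + counter.to_bytes(2, "big")

def iid_modified_eui64(mac: str) -> bytes:
    """Modified EUI-64: insert ff:fe in the middle, flip the U/L bit."""
    m = parse_mac(mac)
    return bytes([m[0] ^ 0x02]) + m[1:3] + b"\xff\xfe" + m[3:6]

def build_address(prefix: str, iid: bytes) -> ipaddress.IPv6Address:
    """Combine a /64 prefix with a 64-bit interface identifier."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64 or len(iid) != 8:
        raise ValueError("need a /64 prefix and an 8-byte identifier")
    return ipaddress.IPv6Address(
        int(net.network_address) | int.from_bytes(iid, "big"))

def recover_mac(addr: ipaddress.IPv6Address, scheme: str) -> str:
    """What an outside observer learns from the low 64 bits."""
    iid = addr.packed[8:]
    if scheme == "mac+counter":
        m = iid[:6]
    elif scheme == "eui64":
        if iid[3:5] != b"\xff\xfe":
            raise ValueError("not a MAC-derived EUI-64 identifier")
        m = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:8]
    else:
        raise ValueError("unknown scheme")
    return ":".join(f"{b:02x}" for b in m)

if __name__ == "__main__":
    PREFIX = "2001:db8:0:1::/64"   # constructed: documentation prefix
    MAC = "00:11:22:33:44:55"      # constructed sample MAC
    for scheme, iid in (("mac+counter", iid_mac_counter(MAC, 1)),
                        ("eui64", iid_modified_eui64(MAC))):
        addr = build_address(PREFIX, iid)
        print(f"{scheme:12} {addr}  -> MAC {recover_mac(addr, scheme)}")
```
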