IPv6, firewall issues and numbering schemes

Flavio Villanustre lists@geminis.myip.org
Tue, 4 Dec 2001 23:44:09 -0300 (ART)


Hi Michael...

On Tue, 4 Dec 2001, Michael Kjorling wrote:

> Is it possible to set up at least an IPv4 tunnel so that I can gain
> external IPv6 connectivity, with this firewall still in place? Or will
> I have to bitch at the manufacturer, or even ditch that box for
> something more flexible?

Many firewalls just ignore the content of packets, so if you can let normal 
IPv4 traverse it (by allowing IP connectivity between your IPv4/IPv6 
gateway and a tunnel broker) you will probably be able to establish an 
IPv6 over IPv4 tunnel without problems.

> Also if someone would care to point me to some documents specifying a
> common or recommended IPv6 numbering scheme, that would be great. I
> have been thinking about using the 64-bit local part as 48 bit MAC
> address + 16 bit counter, but this would mean addresses that are even
> harder to remember than usual, and may have security implications as
> well (publishing local addresses in global DNS). Suggestions or
> pointers on this topic are also greatly appreciated!
> 
IPv6 features autodiscovery and autoconfiguration in LAN environments. So 
as soon as you load RADVD (route advertisement daemon) on your gateway, 
IPv6 capable machines will autoconfigure themselves, (hopefully) 
discovering their own IP addresses as well as their gateway. That's a good 
starting point. After that you can begin experimenting with DHCPv6, etc.
However, I'd recommend reading the latest IETF documents on IPv6 
allocation policies (you can find them from pointers at http://www.6bone.net 
or http://geminis.myip.org). They're worth a read.


Regards and good luck,

Flavio.