11-03-2015, 03:54 PM   #1
How-to obscure local IPv6 addresses for the world

I am using IPv4 currently where only my server is exposed to the outside world. All other devices are hidden behind a second FW and can't be reached from the outside world.
I also have a static IPv6 address but do not use it yet. Now, I am looking to start using the dual-stack option, but I am afraid that my local systems will be reachable from the outside world.

There is much data about IPv6 on the Internet, but I have not found (yet) info on how to shield your local systems as well as on an IPv4 network.

Hope someone can point me in the right direction or has ready answers.

Regards, Frans.
11-04-2015, 12:22 PM   #2
NAT gave IPv4 some immunity by accident since you can't receive unsolicited traffic from the internet. For IPv6 you should block all traffic at the firewall using ip6tables and only open the ports where you need to receive traffic. If your box does not need to receive unsolicited traffic, then you should only route established tcp sessions to it using connection tracking. This means you forward "NEW" packets from inside to outside and "ESTABLISHED,RELATED" from outside to inside. This creates some issues with services that open a secondary port, but they are the same issues as IPv4/NAT.
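The forwarding policy described in the reply above, written out as an added example that is not part of the original post: a default-deny FORWARD chain that accepts NEW only from inside to outside and ESTABLISHED,RELATED in both directions, with one optional published port. The interface names, the server address (from the 2001:db8::/32 documentation prefix) and the port are assumptions.

```shell
#!/bin/sh
# Added example: print ip6tables commands for the FORWARD chain of a routing
# firewall. Interface names, server address and port are assumptions.
# The commands are only printed; review them, then run them as root.
# INPUT and OUTPUT on the firewall itself are deliberately not touched.

# gen_forward_rules LAN_IF WAN_IF [SERVER_ADDR TCP_PORT]
gen_forward_rules() {
    lan_if=$1; wan_if=$2; server=${3:-}; port=${4:-}
    # Default deny: anything not matched below is dropped.
    echo "ip6tables -P FORWARD DROP"
    echo "ip6tables -F FORWARD"
    # Replies to sessions started from inside, plus related ICMPv6 errors
    # (e.g. Packet Too Big, which path MTU discovery depends on).
    echo "ip6tables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    echo "ip6tables -A FORWARD -m conntrack --ctstate INVALID -j DROP"
    # Only the inside may open new sessions towards the outside.
    echo "ip6tables -A FORWARD -i $lan_if -o $wan_if -m conntrack --ctstate NEW -j ACCEPT"
    # Optional: one published service on one host, nothing else inbound.
    if [ -n "$server" ] && [ -n "$port" ]; then
        echo "ip6tables -A FORWARD -i $wan_if -d $server -p tcp --dport $port -m conntrack --ctstate NEW -j ACCEPT"
    fi
}

# count_open_inbound WAN_IF: reads rules on stdin and prints how many accept
# NEW sessions arriving on WAN_IF. Each hit should be a port opened on purpose.
count_open_inbound() {
    grep -c -- "-i $1 .*--ctstate NEW -j ACCEPT" || true
}

# Constructed sample: LAN on eth1, WAN on eth0, HTTPS published on one server.
gen_forward_rules eth1 eth0 2001:db8:1::10 443
```

Piping the generated rules through `count_open_inbound` with the WAN interface name gives a quick audit of how many inbound openings the ruleset contains.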
11-04-2015, 12:25 PM   #3
11-04-2015, 02:56 PM   #4
Original Poster
Thanks for the pointers. The thing is that I just don't want the outside world to knock on my local systems. They can knock on my inner FW, but no further. It is not that I have a need to really obscure my IPv6 addresses, I just don't want the outside world in without reason.

Come to think of it, my inner FW just blocks every incoming request too. I only needed to use NAT on the outside FW. Using dual-stack I still need this for IPv4 protocols, but there is no need for it when using IPv6. As long as my local systems are not directly reachable from the outside using a FW.

OK, I think I understand it a little better and will take the next step into the experiment.

--, Frans.

Last edited by fransdb; 11-04-2015 at 02:59 PM.

