nanog mailing list archives

Previous By Date Next
Previous By Thread Next

Re: misunderstanding scale (was: Ipv4 end, its fake.)

From: Philip Dorr <tagno25 () gmail com>
Date: Sun, 23 Mar 2014 13:27:57 -0500
On Mar 23, 2014 1:11 PM, "Mark Tinka" <mark.tinka () seacom mu> wrote:


On Sunday, March 23, 2014 06:57:26 PM Mark Andrews wrote:


I was at work last week and because I have IPv6 at both
ends I could just log into the machines at home as
easily as if I was there. When I'm stuck using a IPv4
only service on the road I have to jump through lots of
hoops to reach the internal machines.


I expect this to change little in the enterprise space. I
think use of ULA and NAT66 will be one of the things
enterprises will push for, because how can a printer have a
public IPv6 address that is reachable directly from the
Internet, despite the fact that there is a properly
configured firewall at the perimetre offering half-decent
protection?


That is what a firewall is for.  Drop new inbound connections, allow
related, and allow outbound.  Then you allow specific IP/ports to have
inbound traffic.  You may also only allow outbound traffic for specific
ports, or from your proxy.
Previous By Date Next
Previous By Thread Next

Current thread: