Hi all,
I adjusted a script to update a local DNS zone file and it worked OK. Now I have a custom method to update the FQDN to the "dynamic" IPv6 address my server gets. Why dynamic? Because the IPv6 address has the PD prefix announced from the ISP and the "static" interface ID part.

Because of having global unicast addresses on all hosts, you have to add an access list on your interface with your provider in order to limit the access to your hosts (when something is not needed). But let's say now that you've got an FTP server, or a WWW server on a host. How can you set your access list? Since you have no clue what your IPv6 PD will be, you have to permit all inbound traffic from the internet to all hosts on ports 80 and/or 25. In the IPv4/NAT era you didn't have that kind of problem. You NATted what was necessary to the specific host and you were fine.

Is there any chance to set an IPv6 ACL configured with a general-prefix? I know it does not make a lot of sense, but it could be a way to resolve that issue. Is there a way to allow some services to internal hosts without exposing everything to the internet? (Of course, we assume that you do not have a static prefix assigned to you.)

Thanks!

_______________________________________________
cisco-nsp mailing list [email protected]
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
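As an added illustration (not part of the original post), the sketch below applies the same "delegated prefix plus static interface ID" composition the poster uses for DNS, and renders both the AAAA records and per-host permit entries each time the prefix changes. The ACL name, FQDNs, subnet numbers, interface IDs and the 2001:db8::/32 documentation prefixes are all constructed assumptions.

```python
import ipaddress

def host_address(delegated_prefix, subnet_id, interface_id):
    """Combine the ISP-delegated prefix, a subnet index and a static
    interface ID into the host's current global address."""
    pd = ipaddress.IPv6Network(delegated_prefix, strict=True)
    if pd.prefixlen > 64:
        raise ValueError("delegated prefix leaves no room for a 64-bit interface ID")
    if not 0 <= subnet_id < 2 ** (64 - pd.prefixlen):
        raise ValueError("subnet id does not fit inside the delegated prefix")
    iid = int(ipaddress.IPv6Address(interface_id))
    if iid >> 64:
        raise ValueError("interface ID must occupy only the low 64 bits")
    return ipaddress.IPv6Address(int(pd.network_address) | (subnet_id << 64) | iid)

def render(delegated_prefix, services, acl_name="WAN-IN"):
    """Return (zone records, ACL lines) for the prefix currently delegated.
    Only the per-service permits are generated; entries for return traffic
    and ICMPv6 that a complete inbound ACL needs are out of scope here."""
    records, acl = [], [f"ipv6 access-list {acl_name}"]
    for svc in services:
        addr = host_address(delegated_prefix, svc["subnet"], svc["iid"])
        records.append(f"{svc['fqdn']}. IN AAAA {addr}")
        for port in svc["tcp_ports"]:
            # One /128 permit per service port instead of "any host, port 80"
            acl.append(f" permit tcp any host {addr} eq {port}")
    return records, acl

# Constructed sample data: two internal servers with static interface IDs.
SERVICES = [
    {"fqdn": "www.example.net", "subnet": 1, "iid": "::10", "tcp_ports": [80]},
    {"fqdn": "mail.example.net", "subnet": 2, "iid": "::25", "tcp_ports": [25]},
]

if __name__ == "__main__":
    # Re-run with whatever prefix the ISP delegated most recently.
    for prefix in ("2001:db8:1234:ab00::/56", "2001:db8:9999:4400::/56"):
        zone, acl = render(prefix, SERVICES)
        print(f"# prefix {prefix}")
        print("\n".join(zone + acl))
```

The generated lines still have to be pushed to the router by whatever mechanism already updates the zone file; that step is not shown.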
