On 9/27/2015 8:37 AM, Brian J. Murrell wrote:
> On Sat, 2015-09-26 at 18:16 -0700, Tom Eastep wrote:
>
>> I'm afraid that I'm not following you -- the only difference between
>> Shorewall's IPv4 and IPv6 support in this area is that IPv4 supports
>> multi-hop routes and IPv6 doesn't; and that's a kernel limitation.
>
> It's not really a technical IPv4 vs. IPv6 difference as much as it's
> the status quo use of them in the real world. The real functionality
> difference is in how most consumer IPv4 connections are provided and
> that is with a single v4 IP address which is NATted to at the router.
> That gives the router ultimate control over which ISP to send the
> host's request to.
>
> With routed (IPv6) the nodes themselves are making that decision. The
> only way (that I see) for the router to influence that is to decide
> which prefixes it will announce to the LAN. But even then you don't
> get to do finer grained policy control like having the LAN hosts use
> one connection for NNTP and another connection for everything else.

Using SNAT and packet marking, you can do the same thing on your router
with IPv6 as you can with IPv4, AFAIK.

-Tom
--
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________