On 02/08/2016 05:12 PM, Benny Pedersen wrote:
> On 2016-02-09 01:19, Tom Eastep wrote:
>> On 02/08/2016 10:28 AM, Benny Pedersen wrote:
>>> On 2016-02-08 17:56, Tom Eastep wrote:
>>>>> (slaac workaround)
>>>> Same as it is in Shorewall (ipv4) - with an entry in
>>>> /etc/shorewall6/masq:
>>>> <interface> ::/0 your_ipv6_address tcp 43
>> Thanks for the confirmation, Benny.
>
> i got the problem solved with could be solved in linode.com staff to
> just use one single /64, split it to 2 /96 so the first /32 part it for
> slaac and the remaining is for the user, that way even if users use
> slaac without snat it will still be in the same /64 with is for spamhaus
> one single user
>
> as linode now have it there is a /64 for slaac, and another /64 for user
> ipv6, waste of ips, and it does imho not need to be that complicated
>
>> To complete this thread, the SOURCE column can be left empty ("-") - it
>> isn't necessary to specify ::/0.
>
> so if i change it:
>
> <interface> - your_ipv6_address tcp -
>
> it will snat all ports ?, rationaly why limit snat to whois ?
>
> is portrange 0-65535 better ?
> My personal preference is to avoid NAT whenever possible. > thanks for shorewall, without it i would not had a firewall at all You are most welcome. Glad to hear that it works for you. -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------ Site24x7 APM Insight: Get Deep Visibility into Application Performance APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month Monitor end-to-end web transactions and take corrective actions now Troubleshoot faster and improve end-user experience. Signup Now! http://pubads.g.doubleclick.net/gampad/clk?id=272487151&iu=/4140
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
