--On Monday, July 01, 2002 11:41:09 PM -0300 Ricardo Siri
<[EMAIL PROTECTED]> wrote:
> I am working in a LAN with an IPv6 island
>
> I am going to configure a tunnel (configured tunnel) to reach the
> 6bone. The network manager asked me what kind of permission do I
> need in the firewall to allow the transit of IPv6_into_IPv4
> encapsulated packets.
>
> Does anyone have any experience with this? Thanks.
Don't forget (and also tell this to the network manager!) that this kind
of opening your internal network will compromise your current
firewall security policy similar to e.g. HTTPS, ICMP or DNS tunnels!
If you don't filter the traffic on the local IPv6 tunnel endpoint,
you're IPv6'ly completely open.
For IPv6 firewalling see e.g. here:
http://www.tldp.org/HOWTO/Linux+IPv6-HOWTO/chapter-firewalling-security.html
A better way is to create a separate LAN which has no connection
(neither v6 nor v4) to the other ones.
BTW: If you're looking for a commercial IPv6-enabled firewall: none
is available, only Linux 2.4, BSD and some routers (Juniper,
Telebit?) are able to filter IPv6 traffic based on ports. Cisco afaik
currently only supports standard ACLs for IPv6 which let you only
specify one IPv6 address(-range).
Peter
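
The two points in the reply above (open only the encapsulation through the IPv4 firewall, then filter IPv6 on the tunnel endpoint) as an added example, not part of the original message and not from its author. It assumes the tunnel terminates on a Linux host that also routes for the LAN and has IPv6 connection tracking; the function name `tunnel_rules`, the addresses and the interface name `sit1` are placeholders.

```shell
#!/bin/sh
# Added example: print firewall rules for a configured IPv6-in-IPv4 tunnel.
# Addresses and interface name passed in are placeholders (assumptions).

# tunnel_rules LOCAL_V4 REMOTE_V4 TUN_IF
# Prints iptables/ip6tables commands; review them, then pipe to "sh" as root.
tunnel_rules() {
    local4=$1 remote4=$2 tunif=$3

    # Accept only digits and dots, so a typo cannot widen or break a rule.
    for a in "$local4" "$remote4"; do
        case $a in
            *[!0-9.]*|''|*..*|.*|*.) echo "bad IPv4 address: $a" >&2; return 1 ;;
        esac
    done
    # The output is meant to be run by a shell, so keep the name shell-safe.
    case $tunif in
        *[!A-Za-z0-9_.-]*|'') echo "bad interface name: $tunif" >&2; return 1 ;;
    esac

    cat <<EOF
# IPv4 side: IP protocol 41 (IPv6-in-IPv4) only between the two endpoints.
iptables -A INPUT  -p 41 -s $remote4 -d $local4 -j ACCEPT
iptables -A OUTPUT -p 41 -s $local4 -d $remote4 -j ACCEPT
iptables -A INPUT  -p 41 -j DROP
# LAN hosts must not build their own tunnels through this box.
iptables -A FORWARD -p 41 -j DROP
# IPv6 side: default-deny for traffic arriving through the tunnel.
ip6tables -P FORWARD DROP
ip6tables -A FORWARD -o $tunif -m conntrack --ctstate NEW,ESTABLISHED,RELATED -j ACCEPT
# RELATED also covers ICMPv6 errors (e.g. packet-too-big) for open flows.
ip6tables -A FORWARD -i $tunif -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# The endpoint itself: replies and ping only, everything else dropped.
ip6tables -A INPUT -i $tunif -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
ip6tables -A INPUT -i $tunif -p ipv6-icmp --icmpv6-type echo-request -j ACCEPT
ip6tables -A INPUT -i $tunif -j DROP
EOF
}

# Print rules when called with three arguments, e.g.:
#   sh tunnel-rules.sh 192.0.2.1 198.51.100.7 sit1
if [ "$#" -eq 3 ]; then
    tunnel_rules "$@"
fi
```

The `FORWARD -p 41 -j DROP` rule is what keeps other LAN hosts from opening unfiltered tunnels of their own past the IPv4 policy.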
---------------------------------------------------------------------
The IPv6 Users Mailing List