I tried teredo and I found much easier to provide IPv6 connectivity to a NAT-ed segment enabling IPv6 firewalling on the firewall or add additional IPv6 capable firewall next to the IPv4 only firewall.
From security point of view Teredo relay can be used as a source ofmalicious traffic. Teredo is difficult to deploy, since you need externel teredo server to rely on.
Regards,
Janos Mohacsi Network Engineer, Research Associate NIIF/HUNGARNET, HUNGARY Key 00F9AF98: 8645 1312 D249 471B DBAE 21A2 9F52 0D1F 00F9 AF98
On Fri, 18 Mar 2005, Bound, Jim wrote:
Teredo is not a nightmare. But it does require coordinating functions and nodes externally. I am not advocating but I do not like to see folks declare any hardwork or ideas as nightmares at this point we have so little. Teredo spec documents its limitations as all mechanisms. It also permits one to punch through the firewall which can be dangerous without proper diligence.
/jim
-----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mohacsi Janos Sent: Friday, March 18, 2005 7:02 AM To: Michael Banta Cc: [email protected] Subject: Re: 2002 addresses
On Thu, 17 Mar 2005, Michael Banta wrote:
when I realizedOk, things are starting to make a little more sense, thank you all.
I was ready to assign an IP of 2002: to a windows xp clientthat this machine is behind a firewall and has a nat'ed address of 10.0.10.x. I would not think that would be allowed.
Is this a correct assumption?
Yes. For 6to4 you need at least one global IPv4 address on your router. Behind NAT you might try to use Teredo nightmare....
Regards,
Janos Mohacsi Network Engineer, Research Associate NIIF/HUNGARNET, HUNGARY Key 00F9AF98: 8645 1312 D249 471B DBAE 21A2 9F52 0D1F 00F9 AF98---------------------------------------------------------------------
Thanks Mike
The IPv6 Users Mailing List Unsubscribe by sending "unsubscribe users" to [EMAIL PROTECTED]
--------------------------------------------------------------------- The IPv6 Users Mailing List Unsubscribe by sending "unsubscribe users" to [EMAIL PROTECTED]
--------------------------------------------------------------------- The IPv6 Users Mailing List Unsubscribe by sending "unsubscribe users" to [EMAIL PROTECTED]
