Thanks for that feedback. This is what we need to know. /jim > -----Original Message----- > From: Mohacsi Janos [mailto:[EMAIL PROTECTED] > Sent: Friday, March 18, 2005 11:52 AM > To: Bound, Jim > Cc: Michael Banta; [email protected] > Subject: RE: 2002 addresses > > Hi Jim, > I tried teredo and I found much easier to provide IPv6 > connectivity to a NAT-ed segment enabling IPv6 firewalling on > the firewall > or add additional IPv6 capable firewall next to the IPv4 only > firewall. > From security point of view Teredo relay can be used as a source of > malicious traffic. Teredo is difficult to deploy, since you > need externel > teredo server to rely on. > > Regards, > > Janos Mohacsi > Network Engineer, Research Associate > NIIF/HUNGARNET, HUNGARY > Key 00F9AF98: 8645 1312 D249 471B DBAE 21A2 9F52 0D1F 00F9 AF98 > > > On Fri, 18 Mar 2005, Bound, Jim wrote: > > > Teredo is not a nightmare. But it does require > coordinating functions > > and nodes externally. I am not advocating but I do not like to see > > folks declare any hardwork or ideas as nightmares at this > point we have > > so little. Teredo spec documents its limitations as all > mechanisms. It > > also permits one to punch through the firewall which can be > dangerous > > without proper diligence. > > > > /jim > > > >> -----Original Message----- > >> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On > >> Behalf Of Mohacsi Janos > >> Sent: Friday, March 18, 2005 7:02 AM > >> To: Michael Banta > >> Cc: [email protected] > >> Subject: Re: 2002 addresses > >> > >> > >> > >> > >> > >> On Thu, 17 Mar 2005, Michael Banta wrote: > >> > >>> Ok, things are starting to make a little more sense, > thank you all. > >>> > >>> I was ready to assign an IP of 2002: to a windows xp client > >> when I realized > >>> that this machine is behind a firewall and has a nat'ed address of > >>> 10.0.10.x. I would not think that would be allowed. > >>> > >>> Is this a correct assumption? > >> > >> Yes. For 6to4 you need at least one global IPv4 address on > >> your router. > >> Behind NAT you might try to use Teredo nightmare.... > >> > >> Regards, > >> > >> Janos Mohacsi > >> Network Engineer, Research Associate > >> NIIF/HUNGARNET, HUNGARY > >> Key 00F9AF98: 8645 1312 D249 471B DBAE 21A2 9F52 0D1F 00F9 AF98 > >>> > >>> Thanks > >>> Mike > >>> > >>> > >> > --------------------------------------------------------------------- > >>> The IPv6 Users Mailing List > >>> Unsubscribe by sending "unsubscribe users" to [EMAIL PROTECTED] > >>> > >> > --------------------------------------------------------------------- > >> The IPv6 Users Mailing List > >> Unsubscribe by sending "unsubscribe users" to [EMAIL PROTECTED] > >> > > >
--------------------------------------------------------------------- The IPv6 Users Mailing List Unsubscribe by sending "unsubscribe users" to [EMAIL PROTECTED]
