[133479] in North American Network Operators' Group
Re: Pointer for documentation on actually delivering IPv6
daemon@ATHENA.MIT.EDU (Pete Carah)
Fri Dec 10 01:29:02 2010
Date: Fri, 10 Dec 2010 01:28:55 -0500
From: Pete Carah <pete@altadena.net>
To: nanog@nanog.org
In-Reply-To: <0908B861-9D71-4AE6-B727-D4C5DFA5F209@bsdboy.com>
On 12/10/2010 12:52 AM, Wil Schultz wrote:
> On Dec 9, 2010, at 9:39 PM, George Bonser wrote:
>
>>
>>>> Speaking of IPV6 security, is there any movement towards any open source
>>>> IPV6 firewall solutions for the consumer / small business?
>>>>
>>>> Almost all the info I've managed to find to date indicates no support, nor
>>>> any planned support in upcoming releases.
>>>>
>>>> Any info would be helpful.
>>> monowall and openwrt (both for embedded routers) support v6 without
>>> drama.
>> I believe Shorewall does too, now.
>>
>>
>>
> FreeBSD w/ PF seems to work great as well. :-)

I'll second that; for 8-12 Mbit with no VLANs it even runs fine on a
Soekris 4801 (I have 2 4801's and a 5500 (which has a fairly complicated
internal VLAN-based network and a 20meg external connection) doing
normal NAT + HE tunnel to native v6 internally). Since my boss got Win7
going there is plenty of exercise for the v6 path. I suspect the OP
wants a consumer-level GUI though, which plain fbsd doesn't do, and
there are some tricky parts to v6 pf configuration to handle RA and NDP
(which I hope will get documented someday - 2 extra pass rules that you
wouldn't expect to need). One of these days we will get native v6
coming in (hint, Comcast :-)

-- Pete
> -wil