[170020] in North American Network Operators' Group
Re: misunderstanding scale (was: Ipv4 end, its fake.)
daemon@ATHENA.MIT.EDU (Philip Dorr)
Sun Mar 23 14:30:27 2014
In-Reply-To: <201403232009.47085.mark.tinka@seacom.mu>
Date: Sun, 23 Mar 2014 13:27:57 -0500
From: Philip Dorr <tagno25@gmail.com>
To: mark.tinka@seacom.mu
Cc: John Levine <johnl@iecc.com>, nanog@nanog.org
Reply-To: tagno25@gmail.com
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On Mar 23, 2014 1:11 PM, "Mark Tinka" <mark.tinka@seacom.mu> wrote:
>
> On Sunday, March 23, 2014 06:57:26 PM Mark Andrews wrote:
>
> > I was at work last week and because I have IPv6 at both
> > ends I could just log into the machines at home as
> > easily as if I was there. When I'm stuck using a IPv4
> > only service on the road I have to jump through lots of
> > hoops to reach the internal machines.
>
> I expect this to change little in the enterprise space. I
> think use of ULA and NAT66 will be one of the things
> enterprises will push for, because how can a printer have a
> public IPv6 address that is reachable directly from the
> Internet, despite the fact that there is a properly
> configured firewall at the perimetre offering half-decent
> protection?
That is what a firewall is for. Drop new inbound connections, allow
related, and allow outbound. Then you allow specific IP/ports to have
inbound traffic. You may also only allow outbound traffic for specific
ports, or from your proxy.
