Добро пожаловать, Гость. Пожалуйста авторизуйтесь здесь.
FGHIGate на GaNJa NeTWoRK ST@Ti0N - Просмотр сообщения в эхоконференции IPV6
Введите FGHI ссылку:


Присутствуют сообщения из эхоконференции IPV6 с датами от 31 Jul 11 14:37:00 до 03 Oct 24 21:46:09, всего сообщений: 7440
Ответить на сообщение К списку сообщений Предыдущее сообщение Следующее сообщение
= Сообщение: 4052 из 7440 ============================================= IPV6 =
От   : Michiel van der Vlist            2:280/5555         14 Jan 17 01:03:03
Кому : Tony Langdon                                        14 Jan 17 01:03:03
Тема : Connect...??
FGHI : area://IPV6?msgid=2:280/5555+58796e2a
На   : area://IPV6?msgid=2508.fido-ipv6@3:633/410+1cde92b3
= Кодировка сообщения определена как: CP850 ==================================
Ответ: area://IPV6?msgid=2510.fido-ipv6@3:633/410+1cdef0a1
==============================================================================
Hello Tony,

On Saturday January 14 2017 08:31, you wrote to me:

TL> Mine has separate pages, but uses (incorrectly) "port forwarding"
 TL> terminology for IPv6.

MvV>> I don't like this way of presenting it. It is indeed dumbing
 MvV>> things down and it creates confusion for both the experienced
 MvV>> and the dummies. Hé, why can't I enter external addresses and
 MvV>> ports for IPv6?

TL> Join the club.  It would have been better to have the IPv6 filtering
 TL> as part of the "firewall" settings, where you can allow and block
 TL> traffic to hosts, ports and protocols, since that is what is happening
 TL> on IPv6.

Indeed, it is a firewall function. What, in my opinion, went wrong is that the IPv4 NAT was presented as a firewall. Which it isn't. Although in some way NAT /acts/ as a firewall in that it blocks unsollicited incoming packets, unless explicitly told what to do with it, it is not a firewall. The blocking is just a emergent effect.

A real firewall is something different. If so configured, it also blocks unsollicited incoming packets. But it can do more that that. It can also detect certain kind of attacks, port scans, flooding etc. Plus that a firewall can also act on outgoing traffic. OTOH, a firewall can not do translation. It is not a NAT.

I guess we will have to live with what seems to be evolving practice: it is both called "forwarding"..

TL>> So, when you're using IPv6, an extra constraint is that the host
 TL>> needs to be listening on the same port that the public sees

MvV>> Indeed, but explain that to a newbie... Considering IPv4 and
 MvV>> IPv6 are on the same page named "port forwarding".

TL> Exactly!

I am a bad teacher, I won't even try..

TL>> (My router only has a single field for the port in IPv6).

MvV>> Here I can enter a port range, but only one set for IPv6. For
 MvV>> IPv4 there is an external and an internal range. (Which must be
 MvV>> of equal size of course).

TL> I think I can enter a range, has been ages since I've tweaked my IPv6
 TL> firewall.
 TL> :)

I put this new IPv6 capable modem/router into service six weeks ago. So I had to delve into it again.

TL> ... This is abuse, arguments are down the hall.

I loved that sketch! ;-)


Cheers, Michiel

--- GoldED+/W32-MSVC 1.1.5-b20130111
* Origin: he.net certified sage (2:280/5555)

К главной странице гейта
Powered by NoSFeRaTU`s FGHIGate
Открытие страницы: 0.066212 секунды