Re: IPv6 Hardware Firewall

From: mo0...@posteo.de (Marco Moock)
Date: Wed, 16 Feb 2022 21:18:49 +0100
Message-ID: <20220216211849.5c24bcb4@ryz>
 by: Marco Moock - Wed, 16 Feb 2022 20:18 UTC

On Wednesday, 16 February 2022, at 20:56:17, Marc Haber wrote:

> ¹ there are no subnets in IPv6, but you get the idea

Why are there no subnets in IPv6?
I can do subnetting just like with IPv4.

Re: IPv6 Hardware Firewall

From: david.br...@hesbynett.no (David Brown)
Date: Thu, 17 Feb 2022 09:12:13 +0100
Message-ID: <sul00u$vgi$1@dont-email.me>
 by: David Brown - Thu, 17 Feb 2022 08:12 UTC

On 16/02/2022 19:12, Marco Moock wrote:
> On Wednesday, 16 February 2022, at 13:01:23, David Brown wrote:
>
>> On 15/02/2022 21:18, Marco Moock wrote:
>>> On Tuesday, 15 February 2022, at 12:15:00, Grant Taylor wrote:
>>>
>>>> On 2/13/22 5:51 AM, Marco Moock wrote:
>>>
>>
>>>>> Then they can operate an SPI firewall. Windows has one enabled by
>>>>> default, most home routers have one enabled.
>>>>
>>>> I think that it's important to keep time & context in mind.
>>>> Windows has an SPI firewall enabled by default /now/. It did not
>>>> 20 years ago.
>>>
>>> I know, but the main problem already was and is still that Windows
>>> is running server software by default.
>>
>> Does it matter if all security problems are from Windows? Windows is
>> very common on desktops, laptops, and even servers. You don't have to
>> like it, but you have to deal with it.
>
> That's what I do.
> I tell everybody running Windows about that and offer to configure
> their system in such a way that these services are turned off.

While that sort of thing is a good idea (if it is practical), it's a
never-ending battle. Who knows what services will be turned on again by
the next Windows update?

>
>> In reality, all OS's have flaws, and many modern Linux distributions
>> have ports open in their default installation. Then come the users,
>> who might do any kind of misconfiguration or run software that has
>> bugs in it. Windows has more than its fair share of security issues,
>> historically even more so, but only a fool thinks other systems are
>> "safe".
>
> I know, I mostly use Ubuntu and it has mDNS (Avahi) by default. That is
> the first thing I uninstall, although it only affects the link-local
> area.
>

Peer-to-peer services are common now. If someone installs Dropbox on
their system (hardly an obscure piece of software), you have services
open on the local network. I expect most people have more than they are
aware of. And most users are not experts.

>> Does anyone other than /you/ use the networks you set up and run? Do
>> you have anything on the networks other than *nix machines that you
>> have personally configured and checked? What about phones? Printers
>> at the office? Apple TV and smart power meter on the home network?
>> Are you /sure/ that none of these have flaws?
>
> My family uses the home network. They are aware that IPv6 isn't
> firewalled, IPv4 uses NAT so they are SPI-firewalled regardless if they
> want it or not.
>

You must have an unusual family! Few people other than professional
network experts will know more about IPv6 than "I read about it many
years ago - it was to be the new version of IPv4, but I heard nothing
since".

>> Unless you are absolutely sure that you have full control over /all/
>> systems on a network, and their users, then you /do/ rely on
>> firewalling.
>
> I often check the computers with nmap. For me that is enough,
> especially because finding IPv6 computers with EUI64 addresses outside
> of the local link is a very slow process unless they connect to you.
>
>>> Yes, that is what I mean because that often creates problems.
>>> First, DNS uses caching and a computer that was outside may have the
>>> public IP in its cache (TTL not expired yet) and will not ask the
>>> name server again when coming to the internal net.
>>
>> Short TTL's work fine in such cases. I have never heard of this
>> being a problem in practice.
>
> I already experienced it. Short TTL's are creating more DNS traffic. I
> see no reason for that if it is possible to avoid it.
>

DNS traffic is cheap. I mean, I appreciate the aim of avoiding obvious
inefficiencies or wasted bandwidth. But put a wireshark on the traffic
going to your router from a reasonable sized mixed-computer LAN, and
look at what's there. The DNS traffic will be a tiny fraction of a
percent by packet count, and much less than that by bytes. And if you
look at the DNS traffic and the domain names referenced, a tiny fraction
of those will be for names in your own domain - a user looking at one
modern web page is likely to be asking for 50 or more domain names.
Short TTL's are not the kind of problem they were in the days of dial-up
modems.

>> Computers should get their DNS via DHCP unless you have very specific
>> reasons for picking something different. Normal users don't get to
>> faff around with their DNS settings any more than they get to choose
>> their own IP address.
>
> I experienced that many users configure their own DNS because they
> think it is "better" in any way. I also know locations (my school) that
> practises DNS spoofing. This causes people to implement DNSoTLS to go
> around that restriction.
>

If I found someone setting up their own DNS choices on the network I run
at my company, that person would be in for a serious talk. The result
would be that they would never again be messing with things with
potential consequences beyond their understanding - or they would be
deputised as assistant IT support!

>> I like IPv4 - addresses are easier to remember than IPv6.
>
> I know, but if you only need link-local connectivity you can give them
> specific link-local addresses. I do that with my router (fe80::1).
> If you need routable addresses you can use ULA without randomizing bit
> 8 to bit 48, but only do that if you are 100% sure you will never
> want to connect your link with anybody else's link.
>

It's probably time I looked more seriously at IPv6 - this thread and
posts like yours have inspired me there. (Thanks for that.) It sounds
like there are differences in the kind of network and users we deal
with, and that leads to different experiences and different solutions.
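
Marco Moock's quoted remark about ULA prefixes, worked through as an added example (not code from any poster): RFC 4193 forms a ULA /48 from fd00::/8 plus a 40-bit Global ID that is meant to be pseudo-random, so that two sites joined later are unlikely to collide. The function names, the "hand-picked" heuristic and the sample prefixes are made up for illustration, and a CSPRNG stands in for the RFC's hash-based suggestion.

```python
import ipaddress
import secrets
from itertools import combinations

# fc00::/7 is the ULA block; fd00::/8 is the half with the L bit set
# (locally assigned), which is the only half RFC 4193 defines.
ULA_L1 = ipaddress.IPv6Network("fd00::/8")


def make_ula_prefix(global_id=None):
    """Build a /48: 8 bits 'fd', then a 40-bit Global ID, then zeros."""
    if global_id is None:
        # Assumption of this example: RFC 4193 suggests hashing a timestamp
        # and an EUI-64; a CSPRNG gives the same property (unpredictable ID).
        global_id = secrets.randbits(40)
    if not 0 <= global_id < 1 << 40:
        raise ValueError("Global ID must fit in 40 bits")
    return ipaddress.IPv6Network(((0xFD << 120) | (global_id << 80), 48))


def global_id_of(prefix):
    """Extract the 40-bit Global ID from any prefix inside a ULA /48."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen < 48 or not net.subnet_of(ULA_L1):
        raise ValueError(f"{net} is not inside a ULA /48")
    return (int(net.network_address) >> 80) & ((1 << 40) - 1)


def lan_subnet(site, subnet_id):
    """Return the /64 for a 16-bit Subnet ID inside a site's /48."""
    site = ipaddress.IPv6Network(site)
    if site.prefixlen != 48 or not 0 <= subnet_id < 1 << 16:
        raise ValueError("need a /48 site prefix and a 16-bit subnet ID")
    return ipaddress.IPv6Network(
        (int(site.network_address) | (subnet_id << 64), 64))


def looks_handpicked(prefix):
    """Heuristic of this example only: mostly zeros or at most two distinct
    hex digits in the Global ID suggests it was typed, not generated."""
    nibbles = f"{global_id_of(prefix):010x}"
    return nibbles.count("0") >= 6 or len(set(nibbles)) <= 2


def merge_conflicts(sites):
    """sites: {name: prefix}. Return the pairs whose prefixes overlap,
    i.e. the renumbering work waiting if those links are ever joined."""
    nets = {name: ipaddress.IPv6Network(p) for name, p in sites.items()}
    return [(a, b) for a, b in combinations(nets, 2)
            if nets[a].overlaps(nets[b])]


if __name__ == "__main__":
    site = make_ula_prefix()
    print("generated site prefix:", site)
    print("first LAN:", lan_subnet(site, 1))
    # Constructed sample: two networks that both took the "easy" prefix.
    sample = {"home": "fd00::/48", "friend": "fd00::/48", "office": str(site)}
    print("conflicts on merge:", merge_conflicts(sample))
```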

Re: IPv6 Hardware Firewall

From: mh+usene...@zugschl.us (Marc Haber)
Date: Thu, 17 Feb 2022 10:59:25 +0100
Message-ID: <sul69t$v60o$1@news1.tnib.de>
 by: Marc Haber - Thu, 17 Feb 2022 09:59 UTC

Grant Taylor <gtaylor@tnetconsulting.net> wrote:
>On 2/16/22 1:28 AM, Marc Haber wrote:
>> All those would also apply for IPv4, are thus not a liability of IPv6.
>
>Not quite.
>
>IPv4 doesn't /require/ the use of a link-local address. IPv6 does.
>
>IPv4 would likely not have the old, current, and new IPv4 address all at
>the same time.

You're building a strawman. You constructed a machine with multiple
interfaces and blamed the necessity of having more IP addresses on
IPv6.

--
-------------------------------------- !! No courtesy copies, please !! -----
Marc Haber | " Questions are the | Mailadresse im Header
Mannheim, Germany | Beginning of Wisdom " |
Nordisch by Nature | Lt. Worf, TNG "Rightful Heir" | Fon: *49 621 72739834

Re: IPv6 Hardware Firewall

From: mh+usene...@zugschl.us (Marc Haber)
Date: Thu, 17 Feb 2022 11:00:48 +0100
Message-ID: <sul6ch$v6c6$1@news1.tnib.de>
 by: Marc Haber - Thu, 17 Feb 2022 10:00 UTC

Grant Taylor <gtaylor@tnetconsulting.net> wrote:
>On 2/16/22 1:29 AM, Marc Haber wrote:
>> That's what sane networks have DNS for.
>
>Not everything supports DNS.

Sad. I haven't seen such a system in this century. And I see a lot of
them. Even the most stupid IoT cloud box does DNS.

>> That being said, I like using the well-defined addresses for DNS
>> servers that sadly never made it into a formal standard.
>
>You mean something like the same site-local address for the local DNS
>server? }:-)

| inet6 fec0:0:0:ffff::3/64 scope site deprecated
| valid_lft forever preferred_lft 0sec
| inet6 fec0:0:0:ffff::2/64 scope site deprecated
| valid_lft forever preferred_lft 0sec
| inet6 fec0:0:0:ffff::1/64 scope site deprecated
| valid_lft forever preferred_lft 0sec

Greetings
Marc
--
-------------------------------------- !! No courtesy copies, please !! -----
Marc Haber | " Questions are the | Mailadresse im Header
Mannheim, Germany | Beginning of Wisdom " |
Nordisch by Nature | Lt. Worf, TNG "Rightful Heir" | Fon: *49 621 72739834

Re: IPv6 Hardware Firewall

From: mh+usene...@zugschl.us (Marc Haber)
Date: Thu, 17 Feb 2022 11:03:24 +0100
Message-ID: <sul6hc$v6hj$1@news1.tnib.de>
 by: Marc Haber - Thu, 17 Feb 2022 10:03 UTC

Grant Taylor <gtaylor@tnetconsulting.net> wrote:
>On 2/16/22 8:24 AM, Marco Moock wrote:
>> That I need a special application gateway (that does NAT in the
>> background) on my Cisco router to make SIP/RTSP work.
>>
>> If I don't have such a special NAT "gateway" I wouldn't be able to
>> be called from others via IPV4.
>
>What's more responsible for that problem? SIP itself or NAT? There are
>many other protocols that work through NAT perfectly fine without the
>need for such shenanigans.

SIP is a really horrible protocol. It should have been in an April
Fools RFC.

>It's been a while, but I think that it is possible for SIP clients to
>connect to a globally routed IPv4 address that is port forwarded / NATed
>to an internal server without the need for the NAT gateway shenanigans.

That is incredibly painful, especially if you want to _receive_ calls.

>But, maybe I'm mis-remembering things. Maybe it was configuration of
>the SIP server saying "Report $THIS external IP."

Maybe. Doesn't work with a dynamic IP address.

>> I assume systemd-resolved does, I already experienced that with
>> it. The reason for that is that DNS with globally resolved domains is
>> intended to be equal regardless of which resolver asks. For the caches I
>> see no reason in clearing the cache if the network comes up/down.
>
>Bleck
>
>I actively avoid systemd and its ilk.

Why am I not surprised about that?

>> Completely agree, but if you have just one computer that isn't
>> administered by the company you need to emanate that some users don't
>> use your local resolver.
>>
>> Maybe yes, but there is hope over the horizon, some big tech companies
>> implement IPv6 and I just wait until they say "we switch off IPv4
>> in one year" or "websites without IPv6 connectivity will be unlisted
>> from Google".
>
>Ha! I don't think we'll see big services turning off IPv4 any time
>soon. I doubt we will see it in the next decade, if not more like two
>decades.

Yes. You're part of the party that makes sure it's going to happen
this way.

That does not mean that internal networks won't go single stack IPv6.
I don't mind having a handful of dual-stacked, internet-facing
servers.

Greetings
Marc
--
-------------------------------------- !! No courtesy copies, please !! -----
Marc Haber | " Questions are the | Mailadresse im Header
Mannheim, Germany | Beginning of Wisdom " |
Nordisch by Nature | Lt. Worf, TNG "Rightful Heir" | Fon: *49 621 72739834

Re: IPv6 Hardware Firewall

From: mh+usene...@zugschl.us (Marc Haber)
Date: Thu, 17 Feb 2022 11:06:02 +0100
Message-ID: <sul6ma$v6so$1@news1.tnib.de>
 by: Marc Haber - Thu, 17 Feb 2022 10:06 UTC

Marco Moock <mo01@posteo.de> wrote:
>On Wednesday, 16 February 2022, at 20:56:17, Marc Haber wrote:
>
>> ¹ there are no subnets in IPv6, but you get the idea
>
>Why are there no subnets in IPv6?
>I can do subnetting just like with IPv4.

Subnetting is terminology from classful IPv4 addressing. For example,
172.16.24.0/24 is a subnet of the class B network 172.16.0.0. In
classless IP networking, there are just networks.

The subnetting expression is unkillable just like the "Class C" for a
/24, even if it's 10.0.2.0/24. Thankfully, no one says supernet any
more.

Greetings
Marc
--
-------------------------------------- !! No courtesy copies, please !! -----
Marc Haber | " Questions are the | Mailadresse im Header
Mannheim, Germany | Beginning of Wisdom " |
Nordisch by Nature | Lt. Worf, TNG "Rightful Heir" | Fon: *49 621 72739834

Re: IPv6 Hardware Firewall

From: dan...@djph.net (Dan Purgert)
Date: Thu, 17 Feb 2022 11:41:45 -0000 (UTC)
Message-ID: <slrnt0sd55.idl.dan@djph.net>
 by: Dan Purgert - Thu, 17 Feb 2022 11:41 UTC

meff wrote:
> On 2022-02-16, Dan Purgert <dan@djph.net> wrote:
>> Even the $50 TPLink stuff can do a guest WiFi network, such as the
>> Archer A7.
>
> Sorry I'm specifically referring to IPv6 subnetting here.

And it can do v6 as well ... obviously your ISP would need to support
it.


--
|_|O|_|
|_|_|O| Github: https://github.com/dpurgert
|O|O|O| PGP: DDAB 23FB 19FA 7D85 1CC1 E067 6D65 70E5 4CE7 2860

Re: IPv6 Hardware Firewall

From: gtay...@tnetconsulting.net (Grant Taylor)
Date: Thu, 17 Feb 2022 10:20:50 -0700
Message-ID: <sum053$7dp$1@tncsrv09.home.tnetconsulting.net>
 by: Grant Taylor - Thu, 17 Feb 2022 17:20 UTC

On 2/17/22 3:03 AM, Marc Haber wrote:
> SIP is a really horrible protocol. It should have been in an April
> Fools RFC.

Agreed.

> That is incredibly painful, especially if you want to _receive_ calls.

I'll give you that it's painful from a technology and configuration
standpoint.

But I disagree about the receiving calls part. There are MANY VoIP
users that have done nothing that are receiving calls through this type
of configuration.

The trick is that the calls come in over an established connection
between the external server and the VoIP endpoint.

Is it as pure as the calls coming directly to the VoIP endpoint? Nope.
Did it stop Vonage et al. from offering VoIP service to these types of
VoIP endpoints? Nope. Does it work through indirect methods? Yep.

> Maybe. Doesn't work with a dynamic IP address.

There are multiple ugly solutions that allow dynamic IPs to work.
Usually related to learning the (new) current external IP and
re-configuring themselves / re-registering with the upstream VoIP server.

Again, see Vonage et al. doing this for years.

> Why am I not surprised about that?
>
> Yes. You're part of the party that makes sure it's going to happen
> this way.

I think quite the contrary. I advocate for IPv6 adoption. I've adopted
IPv6 on all my personal things for longer than I can remember. I ask
multiple vendors when they are going to start offering, much less
actually supporting (as in help desk) IPv6.

I'm also quite realistic that we're going to have IPv4 for a LONG time.

> That does not mean that internal networks won't go single stack IPv6.
> I don't mind having a handful of dual-stacked, internet-facing servers.

In some ways that seems like a disingenuous response. It doesn't really
matter /how/ you support IPv4, or /where/ you support IPv4. The fact
remains that you *ARE* supporting IPv4 in some way somewhere in your
network. If you're communicating with an IPv4 endpoint in any capacity,
you are supporting the perpetuation of IPv4.

--
Grant. . . .
unix || die
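
The SIP-through-NAT problem argued over in this subthread, as an added example (not code from any poster): a SIP endpoint writes its own address into Via, Contact and the SDP body, so behind NAT those fields carry an RFC 1918 address the far side cannot reach. The sketch lists those fields in a constructed INVITE and rewrites them to a given external address, which is roughly the job of a SIP ALG or of a "report this external IP" setting; the sample message, addresses and function names are made up, and port mapping is ignored.

```python
import ipaddress
import re

RFC1918 = [ipaddress.IPv4Network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
ADDR_HEADERS = {"via", "v", "contact", "m"}   # long and compact header names
SDP_ADDR_LINES = ("o=", "c=")                 # SDP origin and connection lines
IPV4 = re.compile(r"(?<![\d.])(\d{1,3}(?:\.\d{1,3}){3})(?![\d.])")

# Constructed sample: an INVITE as a phone behind NAT would send it.
_BODY = "\r\n".join([
    "v=0",
    "o=alice 2890844526 2890844526 IN IP4 192.168.1.20",
    "s=-",
    "c=IN IP4 192.168.1.20",
    "t=0 0",
    "m=audio 49170 RTP/AVP 0",
]) + "\r\n"
SAMPLE_INVITE = "\r\n".join([
    "INVITE sip:bob@example.net SIP/2.0",
    "Via: SIP/2.0/UDP 192.168.1.20:5060;branch=z9hG4bK776asdhds",
    "Max-Forwards: 70",
    "From: <sip:alice@example.org>;tag=1928301774",
    "To: <sip:bob@example.net>",
    "Call-ID: a84b4c76e66710@192.168.1.20",
    "CSeq: 314159 INVITE",
    "Contact: <sip:alice@192.168.1.20:5060>",
    "Content-Type: application/sdp",
    f"Content-Length: {len(_BODY)}",
]) + "\r\n\r\n" + _BODY


def _ipv4(text):
    try:
        return ipaddress.IPv4Address(text)
    except ValueError:          # e.g. "999.1.1.1" matched by the regex
        return None


def is_rfc1918(text):
    ip = _ipv4(text)
    return ip is not None and any(ip in net for net in RFC1918)


def embedded_addresses(message):
    """List (field, address) for IPv4 literals the peer will try to use.
    Call-ID is skipped on purpose: it is an opaque identifier."""
    head, _, body = message.partition("\r\n\r\n")
    found = []
    for line in head.split("\r\n")[1:]:          # skip the request line
        name = line.partition(":")[0].strip()
        if name.lower() in ADDR_HEADERS:
            found += [(name, a) for a in IPV4.findall(line)
                      if _ipv4(a) is not None]
    for line in body.split("\r\n"):
        if line.startswith(SDP_ADDR_LINES):
            found += [(line[:2], a) for a in IPV4.findall(line)
                      if _ipv4(a) is not None]
    return found


def unroutable(message):
    """The subset of embedded addresses that only exist behind the NAT."""
    return [(f, a) for f, a in embedded_addresses(message) if is_rfc1918(a)]


def rewrite_for_nat(message, external_ip):
    """Replace private addresses in the signalling fields and fix up
    Content-Length, since the SDP body may change size."""
    def swap(line):
        return IPV4.sub(lambda m: external_ip if is_rfc1918(m.group(1))
                        else m.group(1), line)

    head, sep, body = message.partition("\r\n\r\n")
    lines = head.split("\r\n")
    new_body = "\r\n".join(swap(l) if l.startswith(SDP_ADDR_LINES) else l
                           for l in body.split("\r\n"))
    new_head = [lines[0]]
    for line in lines[1:]:
        name = line.partition(":")[0].strip().lower()
        if name in ADDR_HEADERS:
            line = swap(line)
        elif name == "content-length":
            line = f"Content-Length: {len(new_body.encode())}"
        new_head.append(line)
    return "\r\n".join(new_head) + sep + new_body


if __name__ == "__main__":
    print("before:", unroutable(SAMPLE_INVITE))
    print("after: ", unroutable(rewrite_for_nat(SAMPLE_INVITE, "203.0.113.5")))
```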

Re: IPv6 Hardware Firewall

From: gtay...@tnetconsulting.net (Grant Taylor)
Date: Thu, 17 Feb 2022 10:27:58 -0700
Message-ID: <sum0if$6tq$1@tncsrv09.home.tnetconsulting.net>
 by: Grant Taylor - Thu, 17 Feb 2022 17:27 UTC

On 2/17/22 3:06 AM, Marc Haber wrote:
> Subnetting is terminology from classful IPv4 addressing.

Chuckle.

> For example, 172.16.24.0/24 is a subnet of the class B network
> 172.16.0.0.

Technically accurate. Though not many, including networking people,
understand, much less can explain, what you have just stated.

> In classless IP networking, there are just networks.

Yes and no.

Now you verge into nomenclature. Subnet is both the sub-network as
described above and the widely accepted name for the particular network
that is being discussed.

Perhaps this is perpetuated by poor UI design and / or consistency with
historic design.

Whatever the reason, many people will tell you that 10.0.0.0/24 is the
subnet that their router uses by default.

> The subnetting expression is unkillable just like the "Class C"
> for a /24, even if it's 10.0.2.0/24. Thankfully, no one says supernet
> any more.

I've taken to saying "Class C /Sized/" network. There are only so many
windmills that I'm capable of tilting at. I tend to prefer to tilt at
windmills that I feel that I can change.

--
Grant. . . .
unix || die

Re: IPv6 Hardware Firewall

<sum0oo$4n4$1@tncsrv09.home.tnetconsulting.net>

https://www.novabbs.com/computers/article-flat.php?id=400&group=comp.os.linux.networking#400

From: gtay...@tnetconsulting.net (Grant Taylor)
Newsgroups: comp.os.linux.networking
Subject: Re: IPv6 Hardware Firewall
Date: Thu, 17 Feb 2022 10:31:19 -0700
Organization: TNet Consulting
 by: Grant Taylor - Thu, 17 Feb 2022 17:31 UTC

On 2/17/22 1:12 AM, David Brown wrote:
> It's probably time I looked more seriously at IPv6

Yes. Many would say it's past time that you look more seriously at IPv6.

I was quite happy with the introduction / tutorial / training /
certification that Hurricane Electric offered years ago. Purportedly
they still offer the same.

Learn about it and start using IPv6.

--
Grant. . . .
unix || die

Re: IPv6 Hardware Firewall

<sume93$mpo$1@dont-email.me>

https://www.novabbs.com/computers/article-flat.php?id=401&group=comp.os.linux.networking#401

From: ema...@example.com (meff)
Newsgroups: comp.os.linux.networking
Subject: Re: IPv6 Hardware Firewall
Date: Thu, 17 Feb 2022 21:21:39 -0000 (UTC)
Organization: That of fools
 by: meff - Thu, 17 Feb 2022 21:21 UTC

On 2022-02-17, David Brown <david.brown@hesbynett.no> wrote:
> It's probably time I looked more seriously at IPv6 - this thread and
> posts like yours have inspired me there. (Thanks for that.) It sounds
> that there are differences in the kind of network and users we deal
> with, and that leads to different experiences and different solutions.

I enjoyed sending [Hello IPv6](https://metebalci.com/blog/hello-ipv6/)
as a good introduction to some friends.

Re: IPv6 Hardware Firewall

<sumead$mpo$2@dont-email.me>

https://www.novabbs.com/computers/article-flat.php?id=402&group=comp.os.linux.networking#402

From: ema...@example.com (meff)
Newsgroups: comp.os.linux.networking
Subject: Re: IPv6 Hardware Firewall
Date: Thu, 17 Feb 2022 21:22:21 -0000 (UTC)
Organization: That of fools
 by: meff - Thu, 17 Feb 2022 21:22 UTC

On 2022-02-17, Dan Purgert <dan@djph.net> wrote:
> And it can do v6 as well ... obviously your ISP would need to support
> it.

Good to know, thanks. I'll be helping set up a home network for a
family member soon anyway, so it's a timely recommendation, thanks.

Re: IPv6 Hardware Firewall

<sunhm8$138gs$1@news1.tnib.de>

https://www.novabbs.com/computers/article-flat.php?id=403&group=comp.os.linux.networking#403

From: mh+usene...@zugschl.us (Marc Haber)
Newsgroups: comp.os.linux.networking
Subject: Re: IPv6 Hardware Firewall
Date: Fri, 18 Feb 2022 08:26:00 +0100
Organization: private site, see http://www.zugschlus.de/ for details
 by: Marc Haber - Fri, 18 Feb 2022 07:26 UTC

Grant Taylor <gtaylor@tnetconsulting.net> wrote:
>On 2/17/22 3:06 AM, Marc Haber wrote:
>> Subnetting is terminology from classful IPv4 addressing.
>
>Chuckle.
>
>> For example, 172.16.24.0/24 is a subnet of the class B network
>> 172.16.0.0.
>
>Technically accurate. Though not many, including networking people,
>understand, much less can explain, what you have just stated.

Many people still learn that in school and are actually required to
reproduce that knowledge in exams. And then they begin working with
real networks and we have to make them forget.

Correct way to teach IP networks is to begin with IPv6, and then
gradually add IPv4 and explain the crutches that IPv4 needs to still
work. That way, people would not learn those crutches as being
essential part of the protocol like they do today.

>Whatever the reason, many people will tell you that 10.0.0.0/24 is the
>subnet that their router uses by default.

But it still is the network on the internal interface of the router.

>> The subnetting expression is unkillable just like the "Class C"
>> for a /24, even if it's 10.0.2.0/24. Thankfully, no one says supernet
>> any more.
>
>I've taken to saying "Class C /Sized/" network.

That sounds acceptable to me. I will still try to say "slash
vierundzwanzig".

>There are only so many
>windmills that I'm capable of tilting at. I tend to prefer to tilt at
>windmills that I feel that I can change.

Wise.

Greetings
Marc
--
-------------------------------------- !! No courtesy copies, please !! -----
Marc Haber | " Questions are the | Mail address in header
Mannheim, Germany | Beginning of Wisdom " |
Nordisch by Nature | Lt. Worf, TNG "Rightful Heir" | Fon: *49 621 72739834

Re: IPv6 Hardware Firewall

<sunl59$9er$1@dont-email.me>

https://www.novabbs.com/computers/article-flat.php?id=404&group=comp.os.linux.networking#404

From: david.br...@hesbynett.no (David Brown)
Newsgroups: comp.os.linux.networking
Subject: Re: IPv6 Hardware Firewall
Date: Fri, 18 Feb 2022 09:25:13 +0100
Organization: A noiseless patient Spider
 by: David Brown - Fri, 18 Feb 2022 08:25 UTC

On 17/02/2022 18:31, Grant Taylor wrote:
> On 2/17/22 1:12 AM, David Brown wrote:
>> It's probably time I looked more seriously at IPv6
>
> Yes.  Many would say it's past time that you look more seriously at IPv6.
>
> I was quite happy with the introduction / tutorial / training /
> certification that Hurricane Electric offered years ago.  Purportedly
> they still offer the same.
>
> Learn about it and start using IPv6.
>

I know a fair bit about it, but not as much as I should - and I have not
used it in any significant way, which is of course the vital point. I
have not yet seen any need of it or seen how it might be better for
anything I have needed to do on networks. However, it is of course best
to get the practice in /before/ I start needing it!

Re: IPv6 Hardware Firewall

<sunl6f$9er$2@dont-email.me>

https://www.novabbs.com/computers/article-flat.php?id=405&group=comp.os.linux.networking#405

From: david.br...@hesbynett.no (David Brown)
Newsgroups: comp.os.linux.networking
Subject: Re: IPv6 Hardware Firewall
Date: Fri, 18 Feb 2022 09:25:51 +0100
Organization: A noiseless patient Spider
 by: David Brown - Fri, 18 Feb 2022 08:25 UTC

On 17/02/2022 22:21, meff wrote:
> On 2022-02-17, David Brown <david.brown@hesbynett.no> wrote:
>> It's probably time I looked more seriously at IPv6 - this thread and
>> posts like yours have inspired me there. (Thanks for that.) It sounds
>> that there are differences in the kind of network and users we deal
>> with, and that leads to different experiences and different solutions.
>
> I enjoyed sending [Hello IPv6](https://metebalci.com/blog/hello-ipv6/)
> as a good introduction to some friends.
>

Thanks. I will start there.

Re: IPv6 Hardware Firewall

<20220218120507.5cf1e822@ryz>

https://www.novabbs.com/computers/article-flat.php?id=406&group=comp.os.linux.networking#406

From: mo0...@posteo.de (Marco Moock)
Newsgroups: comp.os.linux.networking
Subject: Re: IPv6 Hardware Firewall
Date: Fri, 18 Feb 2022 12:05:07 +0100
Organization: A noiseless patient Spider
 by: Marco Moock - Fri, 18 Feb 2022 11:05 UTC

On Friday, 18 February 2022, at 08:26:00, Marc Haber wrote:

> Many people still learn that in school and are actually required to
> reproduce that knowledge in exams. And then they begin working with
> real networks and we have to make them forget.

Fully agree. I also "learn" that in school at this time.
But subnetting itself is still needed for IPv6 for knowing about
routing tables etc.
Also, if you have a /56 from your provider, you mostly need to use /64
for your client nets, so you still do a process like
subnetting/supernetting (for routing).

> Correct way to teach IP networks is to begin with IPv6, and then
> gradually add IPv4 and explain the crutches that IPv4 needs to still
> work. That way, people would not learn those crutches as being
> essential part of the protocol like they do today.

True, but there are too many people that say "IPv6 isn't needed", "IPv6
isn't supported by all devices", "IPv4 is enough", "I don't know about
IPv6" and some more bullshit.

Re: IPv6 Hardware Firewall

<suolbr$id8$1@tncsrv09.home.tnetconsulting.net>

https://www.novabbs.com/computers/article-flat.php?id=407&group=comp.os.linux.networking#407

From: gtay...@tnetconsulting.net (Grant Taylor)
Newsgroups: comp.os.linux.networking
Subject: Re: IPv6 Hardware Firewall
Date: Fri, 18 Feb 2022 10:35:07 -0700
Organization: TNet Consulting
 by: Grant Taylor - Fri, 18 Feb 2022 17:35 UTC

On 2/18/22 12:26 AM, Marc Haber wrote:
> Many people still learn that in school and are actually required to
> reproduce that knowledge in exams. And then they begin working with
> real networks and we have to make them forget.

I don't think that we need to make them forget.

Contrarily I'd rather they remember how to do it, but choose not to use it.

Do we actually want people forgetting that sticking their hand over /
into an open flame is painful? I don't think so.

There is also the fact that the sub-network concept applies equally well
to IPv6 as it does to IPv4. We just have different grouping sizes that
we use by convention. But the binary math therein, that's still
important to know, independent of 32-bit and 128-bit.

> Correct way to teach IP networks is to begin with IPv6, and then
> gradually add IPv4 and explain the crutches that IPv4 needs to still
> work. That way, people would not learn those crutches as being
> essential part of the protocol like they do today.

I don't know that I agree with that.

Many people will not inherently derive that B is better than A or that A
is worse than B. This seems to be especially true when people are in
the frame of mind to ingest information without actually processing it.
As such, we need to give them both A and B as well as C wherein C is the
pros and cons of A & B.

> But it still is the network on the internal interface of the router.

We hope that it's the /internal/ interface. I've seen it on the
/outside/ interface. >:-| -- That was one of the earlier CGN
deployments that I ran into.

> That sounds acceptable to me. I will still try to say "slash
> vierundzwanzig".

:-)

> Wise.

:-)

--
Grant. . . .
unix || die

Re: IPv6 Hardware Firewall

<suolo0$tlb$1@tncsrv09.home.tnetconsulting.net>

https://www.novabbs.com/computers/article-flat.php?id=408&group=comp.os.linux.networking#408

From: gtay...@tnetconsulting.net (Grant Taylor)
Newsgroups: comp.os.linux.networking
Subject: Re: IPv6 Hardware Firewall
Date: Fri, 18 Feb 2022 10:41:35 -0700
Organization: TNet Consulting
 by: Grant Taylor - Fri, 18 Feb 2022 17:41 UTC

On 2/18/22 4:05 AM, Marco Moock wrote:
> Also, if you have a /56 from your provider, you mostly need to
> use /64 for your client nets, so you still do a process like
> subnetting/supernetting (for routing).

Yep.

Also, remember, that the /64 is a convention as much as it is anything
else. It's entirely possible to use something other than /64 for end
user networks. The only thing that suffers when not using /64 is SLAAC.
DHCP for IPv6 and / or static configuration works perfectly fine with
something other than SLAAC.

N.B. Despite what the IPv6 zealots want to believe, there is a LOT that
DHCP for IPv6 offers that can't be done dynamically with SLAAC et al.
DHCP provides a LOT of configuration information that end user systems
use, particularly in SMB or larger enterprise networks.

> True, but there are too many people that say "IPv6 isn't needed",
> "IPv6 isn't supported by all devices", "IPv4 is enough", "I don't
> know about IPv6" and some more bullshit.

I can't point to anything that I want to do today that requires me to
use IPv6.

What's more, is if I had the addresses, I could do everything I do today
with globally routed IPv4 addresses.

I don't knowingly have any devices that don't support IPv6.

My ISP only provides IPv4, so it must be sufficient. Correct?

I can't effectively help people who choose to be wantonly ignorant.

--
Grant. . . .
unix || die
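
The prefix arithmetic discussed in the posts above (172.16.24.0/24 inside the class B network 172.16.0.0, and a provider /56 cut into /64 client networks), as an added Python example that is not from any poster. It goes slightly beyond the posts by using one mask routine for both 32-bit and 128-bit addresses; the 2001:db8:: prefix is a constructed documentation value and all function names are made up here.

```python
import ipaddress


def parse(addr):
    """Return (integer value, address width in bits) for an IPv4 or IPv6 address."""
    ip = ipaddress.ip_address(addr)
    return int(ip), ip.max_prefixlen


def network_of(addr, plen):
    """Clear the host bits; the same AND works for 32-bit and 128-bit addresses."""
    value, width = parse(addr)
    if not 0 <= plen <= width:
        raise ValueError("prefix length out of range")
    mask = ((1 << plen) - 1) << (width - plen)
    return value & mask, width


def contains(outer, outer_len, inner, inner_len):
    """True if inner/inner_len is a sub-network of outer/outer_len."""
    outer_net, outer_width = network_of(outer, outer_len)
    _, inner_width = network_of(inner, inner_len)
    if outer_width != inner_width or inner_len < outer_len:
        return False
    return network_of(inner, outer_len)[0] == outer_net


def subnet_count(plen, new_len):
    """How many new_len-bit networks fit into one plen-bit network."""
    if new_len < plen:
        raise ValueError("new prefix must not be shorter than the parent")
    return 1 << (new_len - plen)


def carve(prefix, plen, new_len, index):
    """Return the index-th new_len-bit network inside prefix/plen as text."""
    base, width = network_of(prefix, plen)
    if not plen <= new_len <= width:
        raise ValueError("new prefix length out of range")
    if not 0 <= index < subnet_count(plen, new_len):
        raise ValueError("subnet index out of range")
    value = base | (index << (width - new_len))
    cls = ipaddress.IPv4Address if width == 32 else ipaddress.IPv6Address
    return f"{cls(value)}/{new_len}"


def classful_class(addr):
    """Historic IPv4 class, read from the leading bits of the first octet."""
    value, width = parse(addr)
    if width != 32:
        raise ValueError("classes only ever existed for IPv4")
    top = value >> 28            # top four bits
    if top < 8:
        return "A"               # 0xxx
    if top < 12:
        return "B"               # 10xx
    if top < 14:
        return "C"               # 110x
    return "D" if top == 14 else "E"


if __name__ == "__main__":
    # The thread's IPv4 example: a /24 inside the class B network 172.16.0.0.
    print(classful_class("172.16.0.0"), contains("172.16.0.0", 16, "172.16.24.0", 24))
    # A "Class C sized" /24 that actually sits in class A space.
    print(classful_class("10.0.2.0"), carve("10.0.0.0", 8, 24, 2))
    # A constructed provider /56 cut into /64 client networks.
    print(subnet_count(56, 64), carve("2001:db8:0:ab00::", 56, 64, 0x2A))
```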

Re: IPv6 Hardware Firewall

<suolr7$tlb$2@tncsrv09.home.tnetconsulting.net>

https://www.novabbs.com/computers/article-flat.php?id=409&group=comp.os.linux.networking#409

From: gtay...@tnetconsulting.net (Grant Taylor)
Newsgroups: comp.os.linux.networking
Subject: Re: IPv6 Hardware Firewall
Date: Fri, 18 Feb 2022 10:43:18 -0700
Organization: TNet Consulting
 by: Grant Taylor - Fri, 18 Feb 2022 17:43 UTC

On 2/18/22 10:41 AM, Grant Taylor wrote:
> I can't point to anything that I want to do today that requires me to
> use IPv6.
>
> ...
>
> My ISP only provides IPv4, so it must be sufficient.  Correct?

There is also the negative thing wherein I have to actively disable IPv6
for specific services for various reasons.

- One of the streaming services that we use dislikes / blocks
Hurricane Electric.
- Some administrators ... choose to actively be hostile towards
connections from IPv6. This rears its ugly head the most in the email
/ SMTP world.

--
Grant. . . .
unix || die

Re: IPv6 Hardware Firewall

<20220218202053.55973253@ryz>

https://www.novabbs.com/computers/article-flat.php?id=410&group=comp.os.linux.networking#410

From: mo0...@posteo.de (Marco Moock)
Newsgroups: comp.os.linux.networking
Subject: Re: IPv6 Hardware Firewall
Date: Fri, 18 Feb 2022 20:20:53 +0100
Organization: A noiseless patient Spider
 by: Marco Moock - Fri, 18 Feb 2022 19:20 UTC

On Friday, 18 February 2022, at 10:41:35, Grant Taylor wrote:

> N.B. Despite what the IPv6 zealots want to believe, there is a LOT
> that DHCP for IPv6 offers that can't be done dynamically with SLAAC
> et al. DHCP provides a LOT of configuration information that end user
> systems use, particularly in SMB or larger enterprise networks.

I agree, I tried out stateful DHCPv6 in a test environment with ULA
addresses.
With Ubuntu it works perfectly. Some parts are a little bit strange
(device gets /128 address regardless of net). If the router
advertisement includes the prefix of the net without the A flag set,
the routing table correctly includes the net and the traffic for the
prefix isn't being sent to the router and then back to the same link.

Such stuff is very confusing for people that only use IPv4 DHCP.

Re: IPv6 Hardware Firewall

<suos9j$15fl5$1@news1.tnib.de>

https://www.novabbs.com/computers/article-flat.php?id=411&group=comp.os.linux.networking#411

From: mh+usene...@zugschl.us (Marc Haber)
Newsgroups: comp.os.linux.networking
Subject: Re: IPv6 Hardware Firewall
Date: Fri, 18 Feb 2022 20:33:06 +0100
Organization: private site, see http://www.zugschlus.de/ for details
 by: Marc Haber - Fri, 18 Feb 2022 19:33 UTC

Marco Moock <mo01@posteo.de> wrote:
>Also, if you have a /56 from your provider, you mostly need to use /64
>for your client nets, so you still do a process like
>subnetting/supernetting (for routing).

This is just choosing a different prefix for your network. There is no
magic in that.

Greetings
Marc
--
-------------------------------------- !! No courtesy copies, please !! -----
Marc Haber | " Questions are the | Mail address in header
Mannheim, Germany | Beginning of Wisdom " |
Nordisch by Nature | Lt. Worf, TNG "Rightful Heir" | Fon: *49 621 72739834

Re: IPv6 Hardware Firewall

<suosbo$15g6c$1@news1.tnib.de>

https://www.novabbs.com/computers/article-flat.php?id=412&group=comp.os.linux.networking#412

From: mh+usene...@zugschl.us (Marc Haber)
Newsgroups: comp.os.linux.networking
Subject: Re: IPv6 Hardware Firewall
Date: Fri, 18 Feb 2022 20:34:15 +0100
Organization: private site, see http://www.zugschlus.de/ for details
 by: Marc Haber - Fri, 18 Feb 2022 19:34 UTC

Grant Taylor <gtaylor@tnetconsulting.net> wrote:
>N.B. Despite what the IPv6 zealots want to believe, there is a LOT that
>DHCP for IPv6 offers that can't be done dynamically with SLAAC et al.
>DHCP provides a LOT of configuration information that end user systems
>use, particularly in SMB or larger enterprise networks.

DHCPv6 does perfectly coexist with SLAAC. SLAAC provides basic
connectivity, allowing management access. And then DHCPv6 comes in and
statelessly provides additional operational data.

Greetings
Marc
--
-------------------------------------- !! No courtesy copies, please !! -----
Marc Haber | " Questions are the | Mail address in header
Mannheim, Germany | Beginning of Wisdom " |
Nordisch by Nature | Lt. Worf, TNG "Rightful Heir" | Phone: *49 621 72739834

Re: IPv6 Hardware Firewall

<suosgh$15ghg$1@news1.tnib.de>

Path: i2pn2.org!i2pn.org!weretis.net!feeder8.news.weretis.net!news1.tnib.de!feed.news.tnib.de!news.tnib.de!.POSTED.torres.zugschlus.de!not-for-mail
From: mh+usene...@zugschl.us (Marc Haber)
Newsgroups: comp.os.linux.networking
Subject: Re: IPv6 Hardware Firewall
Date: Fri, 18 Feb 2022 20:36:49 +0100
Organization: private site, see http://www.zugschlus.de/ for details
Message-ID: <suosgh$15ghg$1@news1.tnib.de>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Injection-Date: Fri, 18 Feb 2022 19:36:50 -0000 (UTC)
Injection-Info: news1.tnib.de; posting-host="torres.zugschlus.de:85.214.160.151";
logging-data="1229360"; mail-complaints-to="abuse@tnib.de"
X-Newsreader: Forte Agent 6.00/32.1186
 by: Marc Haber - Fri, 18 Feb 2022 19:36 UTC

Grant Taylor <gtaylor@tnetconsulting.net> wrote:
>On 2/18/22 12:26 AM, Marc Haber wrote:
>> Many people still learn that in school and are actually required to
>> reproduce that knowledge in exams. And then they begin working with
>> real networks and we have to make them forget.
>
>I don't think that we need to make them forget.

Classful thinking is harmful to today's networking, even in the IPv4
world. It is bad to examine people in a discipline that they will
never actively need. That is only relevant for historians.

--
-------------------------------------- !! No courtesy copies, please !! -----
Marc Haber | " Questions are the | Mail address in header
Mannheim, Germany | Beginning of Wisdom " |
Nordisch by Nature | Lt. Worf, TNG "Rightful Heir" | Phone: *49 621 72739834

Re: IPv6 Hardware Firewall

<20220218204726.5e66d9e8@ryz>

Path: i2pn2.org!i2pn.org!eternal-september.org!reader02.eternal-september.org!.POSTED!not-for-mail
From: mo0...@posteo.de (Marco Moock)
Newsgroups: comp.os.linux.networking
Subject: Re: IPv6 Hardware Firewall
Date: Fri, 18 Feb 2022 20:47:26 +0100
Organization: A noiseless patient Spider
Lines: 8
Message-ID: <20220218204726.5e66d9e8@ryz>
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Injection-Info: reader02.eternal-september.org; posting-host="82ca4a667a95ae663054c3aedebb5849";
logging-data="17833"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX1+vw1iwDsBJWsbh8kmJlGwn"
Cancel-Lock: sha1:qvmYYl7H38QOU38aEPAK5Oq6BAU=
X-Newsreader: Claws Mail 3.17.8 (GTK+ 2.24.33; x86_64-pc-linux-gnu)
 by: Marco Moock - Fri, 18 Feb 2022 19:47 UTC

On Friday, 18 February 2022, at 20:33:06, Marc Haber wrote:

> This is just choosing a different prefix for your network. There is no
> magic in that.

But to do that correctly you need to be aware of how subnetting works.
You need to understand what /<any number> means etc.
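
What the /56 and /64 prefix lengths discussed above mean in practice, as an added example that is not part of any post in this thread: carving per-segment /64s out of a delegated /56, mapping an address back to its segment, and aggregating the result. The prefix is a constructed sample from the IPv6 documentation range, and the segment names and function names are hypothetical.

```python
import ipaddress

# Constructed sample: a /56 from the IPv6 documentation range (RFC 3849),
# standing in for the prefix a provider delegates.
DELEGATED = ipaddress.IPv6Network("2001:db8:0:ab00::/56")

# Hypothetical client segments; each gets one /64 out of the /56.
SEGMENTS = ["lan", "guest", "iot", "dmz"]


def plan_segments(delegated, names, new_prefix=64):
    """Assign the first len(names) subnets of length new_prefix to the names."""
    if new_prefix < delegated.prefixlen:
        raise ValueError("a subnet cannot be shorter than the delegated prefix")
    # Each extra prefix bit doubles the number of subnets: /56 -> /64 gives 2**8.
    available = 2 ** (new_prefix - delegated.prefixlen)
    if len(names) > available:
        raise ValueError(f"{len(names)} segments requested, {available} available")
    subnets = delegated.subnets(new_prefix=new_prefix)
    return {name: next(subnets) for name in names}


def segment_of(plan, address):
    """Return the segment whose subnet contains address, or None if unassigned."""
    addr = ipaddress.IPv6Address(address)
    for name, net in plan.items():
        if addr in net:
            return name
    return None


def aggregate(plan):
    """Collapse adjacent subnets into the fewest covering prefixes (supernetting)."""
    return list(ipaddress.collapse_addresses(plan.values()))


if __name__ == "__main__":
    plan = plan_segments(DELEGATED, SEGMENTS)
    for name, net in plan.items():
        print(f"{name:6} {net}")
    print("aggregate:", aggregate(plan))
```

An address that falls inside the /56 but in no assigned /64 returns `None`, which is the case a default-deny firewall rule has to cover.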

Re: IPv6 Hardware Firewall

<sup09v$nav$1@tncsrv09.home.tnetconsulting.net>

Path: i2pn2.org!i2pn.org!weretis.net!feeder6.news.weretis.net!tncsrv06.tnetconsulting.net!tncsrv09.home.tnetconsulting.net!.POSTED.alpha.home.tnetconsulting.net!not-for-mail
From: gtay...@tnetconsulting.net (Grant Taylor)
Newsgroups: comp.os.linux.networking
Subject: Re: IPv6 Hardware Firewall
Date: Fri, 18 Feb 2022 13:41:50 -0700
Organization: TNet Consulting
Message-ID: <sup09v$nav$1@tncsrv09.home.tnetconsulting.net>
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 7bit
Injection-Date: Fri, 18 Feb 2022 20:41:35 -0000 (UTC)
Injection-Info: tncsrv09.home.tnetconsulting.net; posting-host="alpha.home.tnetconsulting.net:198.18.18.251";
logging-data="23903"; mail-complaints-to="newsmaster@tnetconsulting.net"
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101
Thunderbird/78.13.0
In-Reply-To: <suosgh$15ghg$1@news1.tnib.de>
Content-Language: en-US
 by: Grant Taylor - Fri, 18 Feb 2022 20:41 UTC

On 2/18/22 12:36 PM, Marc Haber wrote:
> Classful thinking is harmful to today's networking, even in the IPv4
> world. It is bad to examine people in a discipline that they will
> never actively need. That is only relevant for historians.

I disagree on multiple fronts:

1) There is a *HUGE* /difference/ in explaining what something is
versus advocating for its use.

Point in case: Marc, you couldn't be as strong an advocate against
classful networking if you weren't aware of it.

2) Most people need at least some understanding of why something is
bad in order to choose not to use it. That is predicated on having a
minimal understanding of what said thing is.

3) If people have never been exposed to something, much less why it's
bad, there is a reasonable chance that some of them will either
re-invent (a variant of) it or discover it and take it up as a good idea.

All three of these require some very basic knowledge of what classful
networking is.

--
Grant. . . .
unix || die
