Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in

  FAQ | Search | Memberlist | Usergroups | Statistics | Profile | Log in to check your private messages | Log in | Register

IPv6: Private LAN: Security policy
 View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index Networking & Security
View previous topic :: View next topic  
Author Message
schorsch_76
Guru
Guru


Joined: 19 Jun 2012
Posts: 450
PostPosted: Mon Apr 11, 2016 8:54 am    Post subject: IPv6: Private LAN: Security policy Reply with quote
Hi,
i read a lot about ipv6. Currently my ISP provides both, IPv4 and v6. I turned off IPv6 currently. I have a DSL modem which gets handled by a Alix Board which runs gentoo + pppd. I used radvd to supply the given prefix to my internal network.
BUT: On my server i have a v6 address too. I could directly ping to my laptop on my LAN.

I dont want to offer my internal services to the public... What security policy do you use for your LAN machines?

[1] http://www.tldp.org/HOWTO/Linux+IPv6-HOWTO/
_________________
// valid again: I forgot about the git access. Now 1.2GB big. Start: 2015-06-25
git daily portage tree
Web: https://github.com/schorsch1976/portage
git clone https://github.com/schorsch1976/portage
Back to top
View user's profile Send private message
UberLord
Retired Dev
Retired Dev


Joined: 18 Sep 2003
Posts: 6835
Location: Blighty
PostPosted: Mon Apr 11, 2016 10:08 am    Post subject: Reply with quote
Firewall your services on your router so only clients within the prefix can access them.
You could even block inbound access to clients within your prefix from the internet entirely, unless they have a prior outbound route (this is the stateful bit of the firewall) which gives you the same security as IPv4 NAT in the the internal clients don't need a firewall.

I can't tell you how to do this on Linux as I use NetBSD to power my router.
_________________
Use dhcpcd for all your automated network configuration needs
Use dhcpcd-ui (GTK+/Qt) as your System Tray Network tool
Back to top
View user's profile Send private message
Ant P.
Watchman
Watchman


Joined: 18 Apr 2009
Posts: 6920
PostPosted: Mon Apr 11, 2016 3:58 pm    Post subject: Re: IPv6: Private LAN: Security policy Reply with quote
schorsch_76 wrote:
I dont want to offer my internal services to the public... What security policy do you use for your LAN machines?

I give them a site-local prefix (fd00::/8) and bind internal services to those addresses. It's the same as having 192.168 IPv4 addresses.
Back to top
View user's profile Send private message
schorsch_76
Guru
Guru


Joined: 19 Jun 2012
Posts: 450
PostPosted: Mon Apr 11, 2016 4:50 pm    Post subject: Reply with quote
Thanks for the input :)
_________________
// valid again: I forgot about the git access. Now 1.2GB big. Start: 2015-06-25
git daily portage tree
Web: https://github.com/schorsch1976/portage
git clone https://github.com/schorsch1976/portage
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Networking & Security All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum



 Links: forums.gentoo.org | www.gentoo.org | bugs.gentoo.org | wiki.gentoo.org | forum-mods@gentoo.org

Copyright 2001-2024 Gentoo Foundation, Inc. Designed by Kyle Manna © 2003; Style derived from original subSilver theme. | Hosting by Gossamer Threads Inc. © | Powered by phpBB 2.0.23-gentoo-p11 © 2001, 2002 phpBB Group
Privacy Policy