Subj : IPv6/4 indicator
To   : Björn Felten
From : Michiel van der Vlist
Date : Wed Jun 22 2011 14:40:49

Hello Björn,

On Wednesday June 22 2011 09:32, you wrote to Benny Pedersen:

 BF> I have four physical and 10-20 virtual servers on my LAN. I don't want
 BF> to mess with IP-addresses for all of them -- especially not
 BF> IPv6-addresses.

If you want IPv6 connectivity, "messing with IPv6 addresses" may be unavoidable. At least for the four physical machines. But... it may not be as bad as you think.

 BF> My problem is not outgoing traffic, it's the incoming ditto. Now I
 BF> handle it all from the firewall on the computer (WinXP) connected to
 BF> the ADSL modem and the WinXP connected to 3G respectively.

How about that Linksys with USB addition? Have you given up? It seems to me that a dedicated router will make things a lot more transparent.

 BF> I want to have those two servers route the different ports to the
 BF> respective server on the LAN, and I want to do it using the names not
 BF> the IP numbers.

 BF> E.g. :80 goes to AMD64, :23 goes to VM_NT4, :8000 (my Radio Station
 BF> :) ) goes to VW_XP9, :53 goes to DELL, :119 goes to VM_XP1, :21 goes
 BF> to VM_UBUN2 and so on. I have more than 30 more ports that I route all
 BF> around the LAN.

That makes sense. For IPv4...

Now take a step back and try to look at it from the POV of those that grew up with IPv4 *before* NAT. When every machine that had to be accessible from the outside had its own unique global address. Remember that NAT is a kludge that arose from the need to share addresses among many systems.

We are now so used to having the machines on our LANs hidden behind a NAT, that we have difficulty switching back to the way of thinking before NAT. In fact, most of today's network administrators cannot go back, because they never were there. For them NAT is the way and the only way.

But with IPv6 there is no NAT. And if there were, you would not want it.

IPv6 takes us back to when the Internet had not parted with the principle of universal end to end connectivity. In IPv6 every interface that needs internet access gets its own unique globally routable address. Which with firewalls properly configured can be used both ways.

Forget about redirecting ports; that's IPv4 thinking. Think routing addresses; that's the IPv6 way.

Also: XP does not have a full IPv6 stack. Neighbour discovery is flakey and DHCP6 is missing. So if you want to stay with XP, forget about DHCP6. Stateless autoconfiguration is much easier anyway. It will give all interfaces a STATIC address based on the subnet prefix and the MAC address of the interface.

Want to address systems by name? Use DNS. Yes, you have to enter the names yourself. But since all addresses are static, you only have to do it once, as long as you do not change the interface card or change provider, which would most likely change the subnet prefix.

Mind you, this is all new to me too. I am just getting to it myself. My LAN is IPv6 ready, and systems can be made reachable from the outside, but I haven't figured out how to easily deal with a large number of servers yet. But I do know that one first has to *unlearn* the IPv4 (=NAPT) way of thinking.

Cheers, Michiel

--- GoldED+/W32-MINGW 1.1.5-b20070503
 * Origin: 2001:470:1f15:1117::1 (2:280/5555)