Hi
I am fairly new to IPv6, still learning lots about it (anyone got any good links to sites with good info on IPv6, let me know :) )
Am I wrong in thinking I can't set up IPv6 like IPv4?
At the moment I have a public IPv4 address with some ports forwarding to private IPv4 addresses.
E.g. (X = public IP):
X.X.X.X Port 80 to 192.168.0.50
X.X.X.X Port 8080 to 192.168.51
etc
This is the sort of thing I wanted to do with IPv6 but I couldn't seem to get it to work.
I have a Cisco 877W set up with an IPv6 tunnel to HE.
At first I just had a /64 address which was set up on the tunnel. I then enabled IPv6 on the VLAN and my PCs inside picked up a link-local address and were able to do IPv6 traffic between them, but I could get them to route out to the internet via the router, after reading some posts and trying things it wouldn't work.
So I got a /48 and, after looking back on some posts from other people with Cisco routers, my PCs now get public IPv6 addresses on the /48. However, this opens up my PCs on the internet as they have public IPs now.
Is there a way I can set it up to have it like I have on IPv4?
Here is my IPv6-related config (2001:X... is the /64, 2001:Y... is the /48):
ipv6 unicast-routing
ipv6 cef
interface Tunnel0
 description Hurricane Electric IPv6 Tunnel Broker
 no ip address
 ipv6 address 2001:XXX:XXX:XXX::2/64
 ipv6 enable
 tunnel source X.X.X.X
 tunnel destination X.X.X.X
 tunnel mode ipv6ip
!
interface Vlan1
 ip address 192.168.0.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 ipv6 address 2001:YYY:YYY::/64 eui-64
 ipv6 enable
 ipv6 nd prefix 2001:YYY:YYY::/64
!
ipv6 route ::/0 Tunnel0
Hope someone can help me with this
Thanks
David
OK, I guess I can't do that then since there are no replies. Can anyone help with IPv6 firewalling on a Cisco 877?
Your question doesn't make sense. That's why there are no replies.
On IPv4, you have NAT going on, with port forwarding/redirection into a private network.
With IPv6, there is no such thing as private address space, and no use for NAT.
I see
I guess that's why it doesn't make much sense; like I said, I was new to IPv6 ;)
Do you have any advice for firewalling IPv6 on an 877W?
I don't want any ports open inbound from the internet apart from a couple of ports.
Regards
David
David,
You will want to read up on access-lists and IOS Firewall.
I am not familiar with the Cisco 877W, but you can add IPv6 access-lists.
(Going from memory)
ipv6 access-list ipv6-in
 permit tcp any any established
 deny ipv6 any any log
interface tunnelx (x being the tunnel number)
 ipv6 traffic-filter ipv6-in in
You will want to modify to your needs.
You can also get down and dirty with ipv6 inspect commands for stateful inspection,
but ACLs should suffice.
Good luck.
Billy
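An added example, not part of any post in this thread: the inbound filter suggested above, extended to the "only a couple of ports open" case with stateful inspection for return traffic. The 2001:DB8:... host addresses, the two ports and the inspection name ipv6-fw are constructed placeholders; the ipv6 inspect lines assume an IOS image that includes the IPv6 firewall feature.

```cisco
! Stateful inspection of sessions leaving via the tunnel, so that replies
! (including UDP such as DNS answers) are allowed back through ipv6-in.
! Assumption: the IOS image includes the IPv6 firewall feature.
ipv6 inspect name ipv6-fw tcp
ipv6 inspect name ipv6-fw udp
ipv6 inspect name ipv6-fw icmp
!
ipv6 access-list ipv6-in
 remark ICMPv6 errors; packet-too-big is required for path MTU discovery
 permit icmp any any packet-too-big
 permit icmp any any destination-unreachable
 permit icmp any any time-exceeded
 permit icmp any any parameter-problem
 remark Published services (constructed placeholder hosts and ports)
 permit tcp any host 2001:DB8:1:1::50 eq 80
 permit tcp any host 2001:DB8:1:1::51 eq 8080
 remark Stateless fallback for TCP replies if inspection is unavailable
 permit tcp any any established
 remark Drop and log everything else arriving from the tunnel
 deny ipv6 any any log
!
! Tunnel0 is the tunnel interface from the config posted earlier
interface Tunnel0
 ipv6 traffic-filter ipv6-in in
 ipv6 inspect ipv6-fw out
```

Without the inspect lines, the stateless ACL passes only TCP return traffic, so UDP replies and ping replies to inside hosts are dropped by the final deny. `show ipv6 access-list ipv6-in` lists per-entry match counts for checking what the filter is hitting.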