Welcome to Hurricane Electric's Tunnelbroker.net forums!
Started by andrewsi, July 27, 2011, 04:20:40 PM
Quote from: johnpoz on July 27, 2011, 05:31:37 PMyeah simple firewall, turn it on - your 2008r2 clearly comes with one.But this is why I am not a fan of endpoint of the tunnel being inside of your gateway device. If you want to supply your network with ipv6 then just move the tunnel to your gateway device. If does not support doing it, then change to a device that does, a simple $50 router running dd-wrt can do it ;) You will then have firewall at your edge you can block or allow traffic with.
Quote from: johnpoz on July 29, 2011, 02:20:37 PMSo does the 2k8r2 box act as your NAT router, ie is really the gateway for your network. Or is inside your network already and your just using it as the endpoint for the tunnel?Once you tunnel the ipv6 through your gateway, then yes every device that would be using this endpoint as its ipv6 gateway would need to have a firewall on it. This is the problem with endpoint of the tunnel being inside your network.If you endpoint the tunnel at your gateway, then its firewall could be used to filter ipv6 traffic into your network.What device is your gateway to the public net now? Is it this 2k8r2 box? You have a public IP on one of its interfaces, and you nat that into your private network? or do you have some router before this 2k8r2 box?