Right now we own one domain name (e.g. superfault.com).
From the internet I can connect to a variety of networked devices using that single DNS name:
                       superfault.com
                       ╔════════════╗              ╔══════════════╗
                       ║device with ║  ┌─────────80╢Web Server 1  ║
                       ║ public IP  ║  │┌────────81╢192.168.1.10  ║
      superfault.com:80╫────────────╫──┘│┌─────3389╢              ║
      superfault.com:81╫────────────╫───┘│         ╚══════════════╝
    superfault.com:3389╫────────────╫────┘         ╔══════════════╗
      superfault.com:25╫────────────╫────────────25╢E-mail server ║
     superfault.com:110╫────────────╫───────────110╢192.168.1.11  ║
    superfault.com:3390╫────────────╫──────────3389╢              ║
     superfault.com:443╫────────────╫────┐         ╚══════════════╝
    superfault.com:3391╫────────────╫───┐│         ╔══════════════╗
    superfault.com:3392╫────────────╫──┐│└──────443╢Web Server 2  ║
    superfault.com:3393╫────────────╫─┐│└──────3389╢192.168.1.12  ║
                       ╚════════════╝ ││           ╚══════════════╝
                                      ││           ╔══════════════╗
                                      │└───────3389╢Desktop PC 1  ║
                                      │            ║192.168.2.100 ║
                                      │            ╚══════════════╝
                                      │            ╔══════════════╗
                                      └────────3389╢Desktop PC 2  ║
                                                   ║192.168.2.101 ║
                                                   ╚══════════════╝
Now, with IPv6, I can give all these devices a publicly routable IPv6 address:
    superfault.com
    ╔════════════╗              ╔══════════════╗
    ║Gateway     ║              ╢Web Server 1  ║
    ║Firewall    ║              ╢2001::10      ║
    ║2001::1     ║              ╢              ║
    ║            ║              ╚══════════════╝
    ║            ║              ╔══════════════╗
    ║            ║              ╢E-mail server ║
    ║            ║              ╢2001::11      ║
    ╚════════════╝              ╢              ║
                                ╚══════════════╝
                                ╔══════════════╗
                                ╢Web Server 2  ║
                                ╢2001::12      ║
                                ╚══════════════╝
                                ╔══════════════╗
                                ╢Desktop PC 1  ║
                                ║2001::2:100   ║
                                ╚══════════════╝
                                ╔══════════════╗
                                ╢Desktop PC 2  ║
                                ║2001::2:101   ║
                                ╚══════════════╝
But I only own one domain name, which can only resolve to one IPv6 address:
- superfault.com: 2001::1
So how do I find the IP address of all my other devices? The simple method is to use my firewall device as a proxy - which is the functionality that NAT provides. The undesirable, and expensive way, is to find a free domain name for every IPv6 address I own.
What's the IPv6 equivalent of NAT?
Update:
The other problem is that IPv6 does not allow
http://superuser.com
you have to use:
http://www.superuser.com
So if a user forgets the www, then your site will appear broken.
Same way that IPv6 does not allow:
ftp://superuser.com
as you have to use:
ftp://ftp.superuser.com
and it doesn't allow
> ventrillo superuser.com
you have to be sure to tell users:
> ventrillo ventrillo.superuser.com
Answer
That's what subdomains are for.
If you own, for example, superfault.com, you can freely create desktop.superfault.com, mail.superfault.com, ian.superfault.com... (If you don't – buy one, they are fairly cheap. Or visit za.net or eu.org for a free domain.)
Also, you do not need NAT in order to forward ports. Try ip6tables with -j TPROXY.
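Added example (not part of the original question or answer): the subdomain approach carried through for the devices in the two diagrams. The script prints one AAAA record per device and, because every device is now directly routable, the gateway forwarding rules that keep inbound access limited to the same ports the NAT setup forwarded. The host labels web1, web2, pc1 and pc2 and the interface name eth0 are assumptions; the addresses and ports are taken from the diagrams.

```shell
#!/bin/sh
# Constructed from the question's diagrams: label, IPv6 address, and the TCP
# ports that were forwarded to that device under NAT.
DOMAIN=superfault.com
WAN_IF=eth0   # assumption: the gateway's internet-facing interface

devices() {
cat <<'EOF'
web1 2001::10 80,81,3389
mail 2001::11 25,110,3389
web2 2001::12 443,3389
pc1 2001::2:100 3389
pc2 2001::2:101 3389
EOF
}

# One AAAA record per device, in zone-file syntax.
zone_records() {
    devices | while read -r name addr ports; do
        printf '%s.%s. IN AAAA %s\n' "$name" "$DOMAIN" "$addr"
    done
}

# Print (not execute) ip6tables commands for the gateway: drop forwarded
# traffic by default, then allow only what the NAT table used to expose.
firewall_rules() {
    echo "ip6tables -P FORWARD DROP"
    echo "ip6tables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    # ICMPv6 carries Packet Too Big messages, which path MTU discovery needs.
    echo "ip6tables -A FORWARD -p ipv6-icmp -j ACCEPT"
    # Connections initiated from the inside are allowed out.
    echo "ip6tables -A FORWARD ! -i $WAN_IF -j ACCEPT"
    devices | while read -r name addr ports; do
        echo "ip6tables -A FORWARD -i $WAN_IF -d $addr -p tcp -m multiport --dports $ports -j ACCEPT"
    done
}

zone_records
firewall_rules
```

The firewall commands are only printed; review them before running them as root on the gateway.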