Return to Question

This is a Canonical Question about IPv6 and NAT

Related:

• How does IPv6 subnetting work and how does it differ from IPv4 subnetting?
• How can I 'dip my toes' into dynamic IPv6 network addressing?
• IPv6 without nat but what about an isp change?

So our ISP has set up IPv6 recently, and I've been studying what the transition should entail before jumping into the fray.

I've noticed three very important issues:

1. Our office NAT router (an old Linksys BEFSR41) does not support IPv6. Nor does any newer router, AFAICT. The book I'm reading about IPv6 tells me that it makes NAT "unnecessary" anyway.

2. If we're supposed to just get rid of this router and plug everything directly to the Internet, I start to panic. There's no way in hell I'll put our billing database (With lots of credit card information!) on the internet for everyone to see. Even if I were to propose setting up Windows' firewall on it to allow only 6 addresses to have any access to it at all, I still break out in a cold sweat. I don't trust Windows, Windows' firewall, or the network at large enough to even be remotely comfortable with that.

3. There's a few old hardware devices (ie, printers) that have absolutely no IPv6 capability at all. And likely a laundry list of security issues that date back to around 1998. And likely no way to actually patch them in any way. And no funding for new printers.

I hear that IPv6 and IPSEC are supposed to make all this secure somehow, but without physically separated networks that make these devices invisible to the Internet, I really can't see how. I can likewise really see how any defences I create will be overrun in short order. I've been running servers on the Internet for years now and I'm quite familiar with the sort of things necessary to secure those, but putting something Private on the network like our billing database has always been completely out of the question.

What should I be replacing NAT with, if we don't have physically separate networks?

This is a Canonical Question about IPv6 and NAT

Related:

• How does IPv6 subnetting work and how does it differ from IPv4 subnetting?
• How can I 'dip my toes' into dynamic IPv6 network addressing?
• IPv6 without nat but what about an isp change?

Our ISP has set up IPv6 recently, and I've been studying what the transition should entail before jumping into the fray.

I've noticed three very important issues:

1. Our office NAT router (an old Linksys BEFSR41) does not support IPv6. Nor does any newer router, AFAICT. The book I'm reading about IPv6 tells me that it makes NAT "unnecessary" anyway.

2. If we're supposed to just get rid of this router and plug everything directly to the Internet, I start to panic. There's no way in hell I'll put our billing database (with lots of credit card information!) on the Internet for everyone to see. Even if I were to propose setting up Windows' firewall on it to allow only 6 addresses to have any access to it at all, I still break out in a cold sweat. I don't trust Windows, Windows' firewall, or the network at large enough to even be remotely comfortable with that.

3. There's a few old hardware devices (ie, printers) that have absolutely no IPv6 capability at all. And likely a laundry list of security issues that date back to around 1998. And likely no way to actually patch them in any way. And no funding for new printers.

I hear that IPv6 and IPSEC are supposed to make all this secure somehow, but without physically separated networks that make these devices invisible to the Internet, I really can't see how. I can likewise really see how any defences I create will be overrun in short order. I've been running servers on the Internet for years now and I'm quite familiar with the sort of things necessary to secure those, but putting something private on the network like our billing database has always been completely out of the question.

What should I be replacing NAT with if we don't have physically separate networks?

This is a Canonical Question about IPv6 and NAT

 

Related:

 

• How does IPv6 subnetting work and how does it differ from IPv4 subnetting?
• How can I 'dip my toes' into dynamic IPv6 network addressing?
• IPv6 without nat but what about an isp change?

So our ISP has set up IPv6 recently, and I've been studying what the transition should entail before jumping into the fray.

I've noticed three very important issues:

1. Our office NAT router (an old Linksys BEFSR41) does not support IPv6. Nor does any newer router, AFAICT. The book I'm reading about IPv6 tells me that it makes NAT "unnecessary" anyway.

2. If we're supposed to just get rid of this router and plug everything directly to the Internet, I start to panic. There's no way in hell I'll put our billing database (With lots of credit card information!) on the internet for everyone to see. Even if I were to propose setting up Windows' firewall on it to allow only 6 addresses to have any access to it at all, I still break out in a cold sweat. I don't trust Windows, Windows' firewall, or the network at large enough to even be remotely comfortable with that.

3. There's a few old hardware devices (ie, printers) that have absolutely no IPv6 capability at all. And likely a laundry list of security issues that date back to around 1998. And likely no way to actually patch them in any way. And no funding for new printers.

I hear that IPv6 and IPSEC are supposed to make all this secure somehow, but without physically separated networks that make these devices invisible to the Internet, I really can't see how. I can likewise really see how any defences I create will be overrun in short order. I've been running servers on the Internet for years now and I'm quite familiar with the sort of things necessary to secure those, but putting something Private on the network like our billing database has always been completely out of the question.

What should I be replacing NAT with, if we don't have physically separate networks?

This is a Canonical Question about IPv6 and NAT

Related:

• How does IPv6 subnetting work and how does it differ from IPv4 subnetting?
• How can I 'dip my toes' into dynamic IPv6 network addressing?
• IPv6 without nat but what about an isp change?

So our ISP has set up IPv6 recently, and I've been studying what the transition should entail before jumping into the fray.

I've noticed three very important issues:

1. Our office NAT router (an old Linksys BEFSR41) does not support IPv6. Nor does any newer router, AFAICT. The book I'm reading about IPv6 tells me that it makes NAT "unnecessary" anyway.

2. If we're supposed to just get rid of this router and plug everything directly to the Internet, I start to panic. There's no way in hell I'll put our billing database (With lots of credit card information!) on the internet for everyone to see. Even if I were to propose setting up Windows' firewall on it to allow only 6 addresses to have any access to it at all, I still break out in a cold sweat. I don't trust Windows, Windows' firewall, or the network at large enough to even be remotely comfortable with that.

3. There's a few old hardware devices (ie, printers) that have absolutely no IPv6 capability at all. And likely a laundry list of security issues that date back to around 1998. And likely no way to actually patch them in any way. And no funding for new printers.

I hear that IPv6 and IPSEC are supposed to make all this secure somehow, but without physically separated networks that make these devices invisible to the Internet, I really can't see how. I can likewise really see how any defences I create will be overrun in short order. I've been running servers on the Internet for years now and I'm quite familiar with the sort of things necessary to secure those, but putting something Private on the network like our billing database has always been completely out of the question.

What should I be replacing NAT with, if we don't have physically separate networks?

This is a Canonical Question about IPv6 and NAT

Related:

• How does IPv6 subnetting work and how does it differ from IPv4 subnetting?
• How can I 'dip my toes' into dynamic IPv6 network addressing?
• IPv6 without nat but what about an isp change?

So our ISP has set up IPv6 recently, and I've been studying what the transition should entail before jumping into the fray.

I've noticed three very important issues:

1. Our office NAT router (an old Linksys BEFSR41) does not support IPv6. Nor does any newer router, AFAICT. The book I'm reading about IPv6 tells me that it makes NAT "unnecessary" anyway.

2. If we're supposed to just get rid of this router and plug everything directly to the Internet, I start to panic. There's no way in hell I'll put our billing database (With lots of credit card information!) on the internet for everyone to see. Even if I were to propose setting up Windows' firewall on it to allow only 6 addresses to have any access to it at all, I still break out in a cold sweat. I don't trust Windows, Windows' firewall, or the network at large enough to even be remotely comfortable with that.

3. There's a few old hardware devices (ie, printers) that have absolutely no IPv6 capability at all. And likely a laundry list of security issues that date back to around 1998. And likely no way to actually patch them in any way. And no funding for new printers.

I hear that IPv6 and IPSEC are supposed to make all this secure somehow, but without physically separated networks that make these devices invisible to the Internet, I really can't see how. I can likewise really see how any defences I create will be overrun in short order. I've been running servers on the Internet for years now and I'm quite familiar with the sort of things necessary to secure those, but putting something Private on the network like our billing database has always been completely out of the question.

What should I be replacing NAT with, if we don't have physically separate networks?

This is a Canonical Question about IPv6 and NAT

Related:

• How does IPv6 subnetting work and how does it differ from IPv4 subnetting?
• How can I 'dip my toes' into dynamic IPv6 network addressing?
• IPv6 without nat but what about an isp change?

So our ISP has set up IPv6 recently, and I've been studying what the transition should entail before jumping into the fray.

I've noticed three very important issues:

1. Our office NAT router (an old Linksys BEFSR41) does not support IPv6. Nor does any newer router, AFAICT. The book I'm reading about IPv6 tells me that it makes NAT "unnecessary" anyway.

2. If we're supposed to just get rid of this router and plug everything directly to the Internet, I start to panic. There's no way in hell I'll put our billing database (With lots of credit card information!) on the internet for everyone to see. Even if I were to propose setting up Windows' firewall on it to allow only 6 addresses to have any access to it at all, I still break out in a cold sweat. I don't trust Windows, Windows' firewall, or the network at large enough to even be remotely comfortable with that.

3. There's a few old hardware devices (ie, printers) that have absolutely no IPv6 capability at all. And likely a laundry list of security issues that date back to around 1998. And likely no way to actually patch them in any way. And no funding for new printers.

I hear that IPv6 and IPSEC are supposed to make all this secure somehow, but without physically separated networks that make these devices invisible to the Internet, I really can't see how. I can likewise really see how any defences I create will be overrun in short order. I've been running servers on the Internet for years now and I'm quite familiar with the sort of things necessary to secure those, but putting something Private on the network like our billing database has always been completely out of the question.

What should I be replacing NAT with, if we don't have physically separate networks?