IRRd-Discuss
Date Prev | Date Next |
Date Index |
Thread Index |
Author Index |
Historical
Re: irrd2.2.2
- From: Jeffrey Haas
- Date: Tue Dec 14 23:59:29 2004
Just a random observation from other operating systems, not sure
if this is the particular case for freebsd.
Some operating systems have difficulty giving you a wildcard socket
for both ipv4 and ipv6. On those operating systems you will need
to simply get an ipv6 socket and your v4 connections will complete
over that as ipv6 mapped ipv4 addresses. On other operating systems,
it is necessary to allocate both sockets.
I may have the details a little backwards, but this is probably close.
On Wed, Dec 15, 2004 at 01:49:38PM +0900, Kuniaki Kondo wrote:
> >On Tue, Dec 14, 2004 at 10:32:47AM -0500, Larry J. Blunk wrote:
> >> On Tue, 2004-12-14 at 18:39 +0900, Kuniaki Kondo wrote:
> >> > In this situation, When IRRd will be executed, IRRd will not open
> >> > IPv4 socket, just only IPv6, for port 43 and UII. Thus, it can
> >> > not access from other hosts using IPv4.
> >>
> >> With FreeBSD, you should be able to set the net.inet6.ip6.v6only
> >> sysctl variable to 0 to change the default behavior.
> >
> >Setting net.inet6.ip6.v6only has security implications: if you use
> >packet filtering or tcp wrappers, your IPv6 rules need to take into
> >account everything that you used to do in IPv4 rules.
>
> Hmm... I didn't understand about this point.
>
> If we already have 'IPv6 fintering policy' or some rules, then
> we don't have security problem. Is it correct?
> If so, this is not a serious problem, I think.
>
> If you have any other serious problems about this issue,
> please advice to me.
>
> >It would be better to configure IRRd to use separate IPv4 and IPv6
> >sockets.
>
> Is this mean that I execute two IRRd processes on a server?
> In this case, how to share database files for these processes?
>
>
> Thank you.
>
> >
> >Regards,
> >+ Kim
> >--
> ><A HREF="http://kimmo.suominen.com/";>Kimmo Suominen</A>
> >
>
--
Jeff Haas
NextHop Technologies
|
