Answer the question
In order to leave comments, you need to log in
How to distribute the Internet in the ipv6 local network, but leave all the cars hidden behind one external ipv6?
Hey! There is a Linux Proxmox-VE 4.4.19-1-pve server with virtual machines and 1 external ipv4 and ipv6 subnet.
Task: create several vds inside the server with their own local network, the existence of which could not be known from the outside.
Problem: if you do not issue ipv6 to virtual machines from the external subnet (Scope:Global), then they cannot contact the outside world, for example, update packages. And if you issue ipv6 from an external subnet, then theoretically it will be possible to determine the size of the network from the outside and make any attacks.
Answer the question
In order to leave comments, you need to log in
Release cars to the Internet through a proxy or NAT if they only need to download updates.
If you need to access them from the outside, just properly configure the firewall, restricting the connection from the outside.
In addition to normal solutions (NAT and proxies) - if you are so paranoid, and virtual machines only go outside for updates - make a mirror inside the local area, even if it climbs outside.
ps
In addition to any paranoia - a mirror with updates "on its own territory" is convenient - it reduces the load on the external channel (when all the virtual machines get updated at once) and, ultimately, increases the speed of downloading updates (which not only depends on your Internet channel, but and from "foreign").
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question