IPv4 - 32 bits - 192.168.123.245 - approx. 4.3 billion addresses
8bits.8bits.8bits.8bits = 32 bits
Notation - binary: 0000 -> 0
0001 -> 1
0010 -> 2 ...
1001 -> 9
decimal: 0000.0000.0000.0000 or 0/0 -> 255.255.255.255
CIDR: IP/32, IP/24, IP/29...
IPv6 - 128 bits - 2001:0db8:bdf1:abcd:def:cafe:f0ca:34 - double octet or hextet (hexadecatet)
2001 :..... approx. 2^128, or 340 billion billion billion billion addresses
| 2 bytes |
16bits:16bits:16:16:16:16:16:16 = 128 bits
Notation - binary: 0000 -> 0
0001 -> 1
0010 -> 2
1001 -> 9
1010 -> A
1111 -> F
hexadecimal: 0000:0000:0000:0000:0000:0000:0000:0000 -> ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff
CIDR: IP/128, IP/32, IP/64, IP/56...
Minimum network: /64 (18 billion billion devices)
Abbreviations: upper-case and lower-case characters are equivalent - 2001::ABCD = 2001::abcd
omit leading zeros - 2001:cafe:f0ca:001a:0abc:0001:09ac:0003
-> 2001:CAFE:f0ca:1a:abc:1:9ac:3
suppress a run of zeros with "::" (only once per address) - 2001:cafe:0252:0000:0000:0000:0043:fff5
-> 2001:cafe:252::43:fff5
IPv6 - Point-to-point connection without the use of NAT
- Does not use broadcast or ARP
- Address types: UNICAST (individual identification)
ANYCAST (selective)
MULTICAST (groups)
UNICAST
Global Unicast
| Global addressing prefix | Subnet ID | Interface ID |
| n bits | 64-n bits | 64 bits |
The addresses released by IANA for use so far make up a single network:
2000::/3, which means (first group, 2 bytes):
0010 = 2
0010 + 1 = 0011 = 3, so in this case the addresses run from
2000:: -> 2000::1 to 3FFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF
The following blocks were distributed among the RIRs:
AFRINIC = 2C00::/12
APNIC = 2400::/12
ARIN = 2600::/12
LACNIC = 2800::/12
RIPE NCC = 2A00::/12
NIC.br split the 2800::/12 network into 2801::/16...
IPv6 address types:
Link-local unicast: FE80::/10
Global unicast: 2000::/3
Local IPv6 Addresses: FC00::/7
Multicast: FF00::/8
Loopback Address: ::1/128
IPv4 Mapped: ::FFFF:192.168.1.100
Router Anycast: ::
Everything: ::/0
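Added example (not part of the original notes): because of the abbreviation rules above, one address has many textual forms, so log entries and allow-lists should be compared by value rather than as strings. The sketch uses Python's standard ipaddress module to normalize addresses and match them against the address-type and RIR prefixes listed on this page; the function names are hypothetical, and the ::ffff:0:0/96 range for IPv4-mapped addresses is an assumption taken from RFC 4291, since the page gives only one example address.

```python
import ipaddress

# Prefixes copied from the address-type list on this page. Assumption: the page
# shows a single IPv4-mapped address; ::ffff:0:0/96 is the RFC 4291 range.
ADDRESS_TYPES = {
    "Loopback": "::1/128",
    "IPv4 Mapped": "::ffff:0:0/96",
    "Link-local unicast": "fe80::/10",
    "Local IPv6 Addresses": "fc00::/7",
    "Multicast": "ff00::/8",
    "Global unicast": "2000::/3",
}
# RIR /12 blocks as listed on this page.
RIR_BLOCKS = {
    "AFRINIC": "2c00::/12", "APNIC": "2400::/12", "ARIN": "2600::/12",
    "LACNIC": "2800::/12", "RIPE NCC": "2a00::/12",
}

def parse(text):
    """Return an IPv6Address, or None if the text is not a valid address
    (for example when '::' appears more than once)."""
    try:
        return ipaddress.IPv6Address(text.strip())
    except ValueError:
        return None

def same_address(a, b):
    """Compare two textual forms by value, not by string."""
    pa, pb = parse(a), parse(b)
    return pa is not None and pa == pb

def lookup(text, table):
    """Longest-prefix match of an address against a {name: prefix} table."""
    addr = parse(text)
    if addr is None:
        return None
    hits = [(ipaddress.ip_network(p), name) for name, p in table.items()
            if addr in ipaddress.ip_network(p)]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None

if __name__ == "__main__":
    # Constructed sample inputs, built from the addresses used on this page.
    for text in ["2001:cafe:0252:0000:0000:0000:0043:fff5", "2001::ABCD",
                 "FE80::1", "::ffff:192.168.1.100", "2001::cafe::1"]:
        addr = parse(text)
        print(text, "->", addr.exploded if addr else "invalid",
              "|", lookup(text, ADDRESS_TYPES), "|", lookup(text, RIR_BLOCKS))
```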
Adding To Your Firewall
# Loopback and ICMP IPv4
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -p icmp -j ACCEPT
iptables -A FORWARD -p icmp -j ACCEPT
# Loopback and ICMP IPv6
ip6tables -A INPUT -i lo -j ACCEPT
ip6tables -A INPUT -p icmpv6 -i lo -j ACCEPT
ip6tables -A FORWARD -p icmpv6 -i lo -j ACCEPT
ip6tables -A INPUT -p icmpv6 -i eth1 -j ACCEPT
ip6tables -A FORWARD -p icmpv6 -i eth1 -j ACCEPT
ip6tables -A INPUT -p icmpv6 -i tb6in4 -j ACCEPT
ip6tables -A FORWARD -p icmpv6 -i tb6in4 -j ACCEPT
# IPv4 Input Rules
iptables -A INPUT -i eth1 -j ACCEPT
iptables -A INPUT -i eth0 -p 41 -s 66.220.18.42/32 -j ACCEPT
iptables -A INPUT -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -j DROP
# IPv6 Input Rules
ip6tables -A INPUT -i eth1 -j ACCEPT
ip6tables -A INPUT -d ff01::/16 -j ACCEPT
ip6tables -A INPUT -d ff02::/16 -j ACCEPT
ip6tables -A INPUT -i tb6in4 -m state --state ESTABLISHED,RELATED -j ACCEPT
ip6tables -A INPUT -j DROP
# IPv4 Forwarding Rules
iptables -A FORWARD -i eth1 -j ACCEPT
iptables -A FORWARD -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -j DROP
# IPv6 Forwarding Rules
ip6tables -A FORWARD -i eth1 -j ACCEPT
ip6tables -A FORWARD -i tb6in4 -m state --state ESTABLISHED,RELATED -j ACCEPT
ip6tables -A FORWARD -j DROP
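# IPv4 Web Services
# DNAT belongs in the nat table. The FORWARD rules are inserted (-I) so that
# they are evaluated before the final "FORWARD -j DROP" appended above.
iptables -t nat -A PREROUTING -i eth0 -d 208.83.99.40/32 \
-p tcp --dport 80 -j DNAT --to-destination 192.168.100.100
iptables -I FORWARD -i eth0 -d 192.168.100.100/32 -p tcp --dport 80 -j ACCEPT
iptables -t nat -A PREROUTING -i eth0 -d 208.83.99.40 \
-p tcp --dport 443 -j DNAT --to-destination 192.168.100.100
iptables -I FORWARD -i eth0 -d 192.168.100.100 -p tcp --dport 443 -j ACCEPT
# IPv6 Web Services
# No NAT here: the server's global address is reached directly, so only
# FORWARD rules are needed (inserted ahead of the final DROP).
ip6tables -I FORWARD -i tb6in4 -d 2001:470:c:8bc::64/128 \
-p tcp --dport 80 -j ACCEPT
ip6tables -I FORWARD -i tb6in4 -d 2001:470:c:8bc::64/128 \
-p tcp --dport 443 -j ACCEPT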