Also, knowing the MAC address is worthless, as it's not reachable from anywhere beyond your router. That prefix contains 2^64 addresses, which is the entire IPv4 address space squared! So, even with the prefix, an attacker would have a heck of a lot of work to do, just to find a working address within that prefix and that address would be valid for at most 7 days. However, with a privacy address, a different one will be used every day, leaving only your prefix exposed. So, when you go to a website, a real address is "revealed", as was always intended. The fixed address is normally used only for incoming connections, such as when you have a server. These privacy addresses are normally used when you have an outgoing connection. You will also have up to 7 privacy addresses, with a new one created every day. When you use SLAAC on your local network, you will have a fixed address, based on the MAC address or a random number. Then the prefix is prepended to create the 128-bit address. The MAC-based address is created by taking the MAC address and inserting FFFE in the middle and then inverting the 7th bit. There is absolutely no mechanism for IPv6 to transmit the MAC address or host name, unless the MAC-based address is used and then it takes a bit of effort to do that. It's only because we're forced to use NAT, to get around the IPv4 address shortage, that it's not happening for most users. This is the way that the Internet was always intended to work. What is happening is that computers on your LAN are being assigned a public address. If you want another router behind it, you're on your own, as I am not familiar with your equipment.

As for that Reddit post, that person obviously doesn't know what he's talking about. Regardless, if devices on the LAN, that is, those connected directly to the first router, are getting valid IPv6 addresses, then everything is working properly.
I understood your point by reading:

As I mentioned, I can't help you with the specifics of your hardware but, IIRC, you had 2 routers in your network and the first router cannot pass the config info onto the other, unless you buy something like Cisco and pay for the appropriate software. I can provide more details later if you like.

EDIT: yes as per your comment, the MAC address is coming from the IPv6 as it is part of the one that gets recognised in the IPv6 test website. Sorry I could not post the actual snapshot as I am on mobile but please let me know if you have any advice on this. Intuitively it just didn’t seem right that a MAC address should show, after all when one posts any files even for troubleshooting then care is taken to avoid revealing IP and MAC addresses right? My rationale was if the device is getting easy to trace on the web then it can potentially be exposed to malicious attacks.

Again this is all the perspective of a person who is learning so my fears may be unfounded. The only reason I was puzzled was how it’s picking up the firewall vendor and MAC address. In firewall I set the LAN to WAN as per the DHCP setting above and it seems to connect. In system/hosts and services I set the DHCP IPv6 as the fe80. Although Sophos guides say RA can be enabled in bridge but no interface option shows from the drop down menu. When I close it the IP addresses show as 192.168. Under interface, network: the bridged IPv6 is DHCP, auto, stateless and that gives the gateway ip below as fe80. If I may provide some additional information and perhaps you may recognize any configuration issue:

1. Thank you for the advice and I agree it’s a challenge to advise when not fully aware of the configuration. However, I never touched the USG firewall assuming that any default values won’t be anything significant and I had not added any either. As a result there is no “interface” to select for RA

Edit: I have firewall rules set up on the Sophos XG and they work fine.
However the Sophos seems to get an IPv6 for gateway but does not do anything with it. I had used the settings from your article in setting up the USG and that worked fine and addresses were being handed out (used 56 instead of 64). Anyone with Unifi experience can advise please? - I haven’t had issues but perhaps this is the stumbling block?

2. Yes it seems you flag an important issue, the firewall is not disabled on the USG and actually I confess I don’t know how to do that yet and I have not added any rules to it so whatever is there is probably some default values. Hence, offload that task to another device, in this case the Sophos XG.

1. The rationale is simple: the IPS/IDS on USG slows it down to a crawl or at best a tenth of a gigabit connection. Some users have succeeded in putting the Sophos as the bump in the middle to manage the firewall aspect. Using Ubiquiti Unifi creates an almost OCD infatuation with seeing all the data points lit up on the admin dashboard: the USG, switch and APs.