2

Right now we own one domain name (e.g. superfault.com).

From the internet I can connect to a variety of networked devices using that single DNS name:

                         superfault.com
                         ╔════════════╗              ╔══════════════╗
                         ║device with ║  ┌─────────80╢Web Server 1  ║
                         ║ public IP  ║  │┌────────81╢192.168.1.10  ║
        superfault.com:80╫────────────╫──┘│┌─────3389╢              ║
        superfault.com:81╫────────────╫───┘│         ╚══════════════╝
      superfault.com:3389╫────────────╫────┘         ╔══════════════╗
        superfault.com:25╫────────────╫────────────25╢E-mail server ║ 
       superfault.com:110╫────────────╫───────────110╢192.168.1.11  ║ 
      superfault.com:3390╫────────────╫──────────3389╢              ║ 
       superfault.com:443╫────────────╫────┐         ╚══════════════╝
      superfault.com:3391╫────────────╫───┐│         ╔══════════════╗      
      superfault.com:3392╫────────────╫──┐│└──────443╢Web Server 2  ║ 
      superfault.com:3393╫────────────╫─┐│└──────3389╢192.168.1.12  ║ 
                         ╚════════════╝ ││           ╚══════════════╝
                                        ││           ╔══════════════╗   
                                        │└───────3389╢Desktop PC 1  ║ 
                                        │            ║192.168.2.100 ║
                                        │            ╚══════════════╝
                                        │            ╔══════════════╗   
                                        └────────3389╢Desktop PC 2  ║ 
                                                     ║192.168.2.101 ║
                                                     ╚══════════════╝

Now, with IPv6, I can give all these devices a publicly routable IPv6 address:

      superfault.com
      ╔════════════╗              ╔══════════════╗
      ║Gateway     ║              ╢Web Server 1  ║
      ║Firewall    ║              ╢2001::10      ║
      ║2001::1     ║              ╢              ║
      ║            ║              ╚══════════════╝
      ║            ║              ╔══════════════╗
      ║            ║              ╢E-mail server ║ 
      ║            ║              ╢2001::11      ║ 
      ╚════════════╝              ╢              ║ 
                                  ╚══════════════╝
                                  ╔══════════════╗      
                                  ╢Web Server 2  ║ 
                                  ╢2001::12      ║ 
                                  ╚══════════════╝
                                  ╔══════════════╗   
                                  ╢Desktop PC 1  ║ 
                                  ║2001::2:100   ║
                                  ╚══════════════╝
                                  ╔══════════════╗   
                                  ╢Desktop PC 2  ║ 
                                  ║2001::2:101   ║
                                  ╚══════════════╝

But I only own one domain name, which can only resolve to one IPv6 address:

  • superfault.com: 2001::1

So how do I find the IP address of all my other devices? The simple method is to use my firewall device as a proxy - which is the functionality that NAT provides. The undesirable, and expensive, way is to find a free domain name for every IPv6 address I own.

What's the IPv6 equivalent of NAT?


Update:

The other problem is that IPv6 does not allow

http://superuser.com

you have to use:

http://www.superuser.com

So if a user forgets the www, then your site will appear broken.

Same way that IPv6 does not allow:

ftp://superuser.com

as you have to use:

ftp://ftp.superuser.com

and it doesn't allow

> ventrillo superuser.com

you have to be sure to tell users:

> ventrillo ventrillo.superuser.com
Ian Boyd

2 Answers

3

That's what subdomains are for.

If you own, for example, superfault.com, you can freely create desktop.superfault.com, mail.superfault.com, ian.superfault.com... (If you don't – buy one, they are fairly cheap. Or visit za.net or eu.org for a free domain.)

Also, you do not need NAT in order to forward ports. Try ip6tables with -j TPROXY.

grawity
2

What makes you think that you only own that domain name, and no subdomains thereof? Conventionally in the domain name system, the owner of example.net. thereby gets to be the owner of

  • workstations.example.net.
  • mike.workstations.example.net.
  • betty.workstations.example.net.
  • second.servers.example.net.
  • third.servers.example.net., and even
  • ian.boyd.personal-laptops.example.net.

If you don't have control of the subdomains, then you don't really own the domain in the first place. If you do own the domain, then the answer here is the simple and straightforward one that the rest of the world widely uses. ☺

Ian Boyd
JdeBP
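
The per-device subdomains that both answers describe, worked through as an added example that is not part of the original answers: it builds the AAAA records and the matching ip6.arpa PTR records for the devices in the question's IPv6 diagram. The addresses are taken from that diagram; the host labels (`web1`, `mail`, `web2`, `desktop1`, `desktop2`) and the function name are assumptions made for illustration.

```python
import ipaddress
import re

# Addresses come from the question's diagram; the labels are assumed names.
DEVICES = {
    "@": "2001::1",            # zone apex, the gateway/firewall
    "web1": "2001::10",
    "mail": "2001::11",
    "web2": "2001::12",
    "desktop1": "2001::2:100",
    "desktop2": "2001::2:101",
}

# One DNS host label: letters, digits, hyphens, 1-63 chars, no edge hyphen.
LABEL = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")


def build_records(zone, devices):
    """Return (forward, reverse) lists of zone-file lines for the inventory."""
    forward, reverse, seen = [], [], {}
    for label, text in devices.items():
        if label != "@" and not LABEL.match(label):
            raise ValueError(f"invalid host label: {label!r}")
        addr = ipaddress.IPv6Address(text)  # ValueError on a malformed address
        if addr in seen:
            # Two names silently sharing one address usually means a typo.
            raise ValueError(f"{label} and {seen[addr]} share {addr}")
        seen[addr] = label
        fqdn = f"{zone}." if label == "@" else f"{label}.{zone}."
        forward.append(f"{fqdn} IN AAAA {addr.compressed}")
        # reverse_pointer is the nibble-reversed ip6.arpa name for the PTR.
        reverse.append(f"{addr.reverse_pointer}. IN PTR {fqdn}")
    return forward, reverse


if __name__ == "__main__":
    fwd, rev = build_records("superfault.com", DEVICES)
    print("\n".join(fwd + rev))
```

Publishing a name for each host only makes it resolvable; which ports are reachable on each address is still decided by the rules on the gateway firewall.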