mapping public to private IPv6 networks when firewalling

Brian E Carpenter brian.e.carpenter at
Thu Nov 24 03:56:50 CET 2011


Please read RFC 4864 "Local Network Protection for IPv6".

If that doesn't answer your question reasonably completely, you can
also read the Experimental RFC 6296, but such an experiment would defeat
one of the main purposes of IPv6.


On 2011-11-24 10:23, Eugen Leitl wrote:
> The SOP for firewalling in IPv4 is to use
> private (RFC 1918) networks and map external public
> networks 1:1 to them. The idea is that defaults to
> unreachable systems in case of firewall failure.
> What's the address space to use in IPv6 for such
> purposes? Is fc00::/7 (RFC 4193) unroutable on
> the public Internet in the same way as RFC 1918
> addresses?

More information about the ipv6-ops mailing list