IPv6

Learn about Computer Security General Security Questions and Comments
1

Hi all,

I’ve been thinking about how I should deal with IPv6 on my network, particularly since there don’t seem to be any good ways to control outbound IPv6 communication to the internet. At first, I thought I would just disable IPv6 altogether, which is easy enough, but upon further research I came to the conclusion that this wasn’t really the optimal solution after all, because IPv6 does actually provide some benefits and conveniences on a private network. So, I concluded that I could have the best of all worlds by enabling IPv6 within my private network, but by also disabling outbound IPv6 communication to the internet at my network gateway router. It wasn’t immediately clear how to do this, but through a process of trial and error, I seem to have stumbled on a configuration that works, and I thought I would share it on this forum in case this topic is of interest to others.

My network is a bit complicated, but for the purposes of this post, I will simplify it to it’s core elements, so suffice it to say that I use an Asus RT-AC68U as my network gateway router, and that its IPv4 address is 192.168.10.1. Under the IPv6 tab of Advanced Settings in the router configuration interface, I entered the following:

[u]Basic Config[/u] Connection type: [b]Static IPv6[/b]

IPv6 WAN Setting
WAN IPv6 Address: ::1
WAN Prefix Length: 128
WAN IPv6 Gateway: ::1

IPv6 LAN Setting
LAN IPv6 Address: ::ffff:192.168.10.1
LAN Prefix Length: 96
LAN IPv6 Prefix: ::ffff:0.0.0.0
Auto Configuration Setting: Stateless

IPv6 DNS Setting
IPv6 DNS Server 1: ::ffff:192.168.10.1
IPv6 DNS Server 2:
IPv6 DNS Server 3:

Auto Configuration Setting
Enable Router Advertisement: Enable

I imagine that the above configuration interface will be similar even with another brand/model of router. I would guess that all you would need to do is change “192.168.10.1” above to match the IPv4 address of your network gateway router. I would also recommend that you enable the IPv6 Firewall in the Firewall tab of Advanced Settings in the router configuration interface.

Lastly, I’m all ears if anyone has some constructive feedback on this approach.

Thank you,

np