57
submitted 20 hours ago by exu@feditown.com to c/technology@beehaw.org
top 15 comments
sorted by: hot top controversial new old
[-] Fisch@discuss.tchncs.de 3 points 4 hours ago

I'd like to migrate to IPV6 but German ISPs rotate IPV6 addresses as well (for some reason) and my domain provider (Namecheap) only supports DynDNS for IPV4 😕

[-] jbk@discuss.tchncs.de 3 points 7 hours ago

holy mother of nerdy based

my ISP doesn't even offer IPv6 ??

[-] pcouy@lemmy.pierre-couy.fr 5 points 8 hours ago

Migrating all my IPv4 stuff (firewalls, VPN, routing tables, etc) to IPv6 is probably the one thing I've procrastinated for the most time in my life :/

[-] Artyom@lemm.ee 33 points 19 hours ago* (last edited 19 hours ago)

Posted in December of course, after re-enabling IPv4 and restoring their internet connection to a functional state cuz some mystery process didn't respond all month.

Edit: I actually can't even access the link at the moment, maybe they forgot and left some IPv6 task enabled.

[-] Moonrise2473@feddit.it 9 points 19 hours ago

The challenge didn't ask to disable ipv4 but it was (jokingly) daring people to expose all ports to public to see how long the system would last before being exploited by bots. It wasn't meant to be taken seriously 😆

[-] jlh@lemmy.jlh.name 24 points 17 hours ago

NAT != closing ports

[-] SilverCode@lemm.ee 8 points 19 hours ago

How would you disable NAT and still use ipv4 unless you are able to assign a public IPv4 to your PC (and have nothing else in the network)?

[-] purplemonkeymad@programming.dev 8 points 18 hours ago

You got it on the nose, only one device.

[-] t3rmit3@beehaw.org 5 points 18 hours ago* (last edited 17 hours ago)

You can essentially achieve this with some routers with a "DMZ" network segment/ device, so all incoming requests to your external IP get forwarded to it automatically. You don't even need to disable NAT if you set it up well.

[-] hendrik@palaver.p3x.de 8 points 16 hours ago* (last edited 16 hours ago)

A standard DMZ still does NAT. You get a private IP and the router "nat"s you, just that it forwards all incoming traffic to that device by default. I think technically, that gets you disqualified for no nat november. Though, you'd end up exposing the ports of the machine to incoming traffic, that's correct.

[-] t3rmit3@beehaw.org 1 points 5 hours ago* (last edited 5 hours ago)

I admittedly did not read the original Mastodon post from nixCraft about the purpose of No NAT November, but surely it's not just about moving to IPv6? You can (and usually would) still do NATing with IPv6. You don't want every device to be internet-exposed, but still want them to be able to access the internet (and who wants to configure internet-defensive firewall rules on all their internal home hosts)?

There's a reason that FD00::/7 exists.

[-] targetx@programming.dev 2 points 4 hours ago* (last edited 4 hours ago)

I don't agree that you usually would still use NAT with IPv6. I've never seen NAT in combination with IPv6 and I've seen plenty of deployments at our customers. NAT is not the same as a firewall, so just using public IPv6 addresses does not mean that you are exposing every port by default. I think you should read up on IPv6 and firewalling before making statements like this :)

Edit: you don't even have to set up firewalling on each internal device.. the router/firewall blocks inbound traffic by default.

[-] t3rmit3@beehaw.org 1 points 2 hours ago* (last edited 1 hour ago)

So first off, I think it's safe to assume that the article is not about going and removing IPv4 on your company's corporate networks for a month, so I've been speaking in regards to home internet service.

NAT is not a firewall, but in normal use by the average home internet user it is a means to prevent computers outside of their network from reaching computers inside the network without ports being forwarded on the router, or the internal machine initiating the connection. If you do not have a firewall on the devices, and they are not behind a NAT gateway/router, then they are by default exposing ports. There's no inherent guarantee that a router has a firewall configured properly, or has it enabled.

I’ve never seen NAT in combination with IPv6 and I’ve seen plenty of deployments at our customers.

I'm interested in how this works. In a normal IPv4 scenario for home internet users, you are assigned a single IP for your router by your ISP, and internal addressing is usually handled by router-resident DHCP automatically. In the deployments you're seeing, are ISPs handing out /120 blocks to each router? Does that require the ISP to have access to alter your home router, or do customers configure the DHCP themselves (which seems unlikely to scale)?

[-] hendrik@palaver.p3x.de 2 points 4 hours ago

That's right. People want a firewall. Maybe on the devices and/or on the router. But NAT isn't that. It's address translation. Predominantly because there aren't enough addresses available. It's a workaround. And it kills things like VOIP, videoconferences, direct communication etc. And then you need a workaround for the workaround to work around that... If you just want to drop incoming traffic and not expose clients, that's what the firewall is for.

[-] Moonrise2473@feddit.it 1 points 14 hours ago

you connect your PC directly out of the link that the ISP is giving you (if allowed), for example via PPPoE

this post was submitted on 04 Dec 2024
57 points (100.0% liked)

Technology

37750 readers
418 users here now

A nice place to discuss rumors, happenings, innovations, and challenges in the technology sphere. We also welcome discussions on the intersections of technology and society. If it’s technological news or discussion of technology, it probably belongs here.

Remember the overriding ethos on Beehaw: Be(e) Nice. Each user you encounter here is a person, and should be treated with kindness (even if they’re wrong, or use a Linux distro you don’t like). Personal attacks will not be tolerated.

Subcommunities on Beehaw:


This community's icon was made by Aaron Schneider, under the CC-BY-NC-SA 4.0 license.

founded 2 years ago
MODERATORS