[Info-vax] implementing IPv6 on the internet

Wed Sep 21 12:13:36 EDT 2016

Jan-Erik Soderholm wrote:
> Den 2016-09-21 kl. 15:07, skrev Dirk Munk:
>> Jan-Erik Soderholm wrote:
>>> Den 2016-09-21 kl. 14:28, skrev Dirk Munk:
>>>> Chris wrote:
>>>>> On 09/21/16 12:00, Richard Levitte wrote:
>>>>>
>>>>>>
>>>>>> No.  NAT was never designed for network security, but
>>>>> can be used as a cheap'n'dirty piece of shit firewall.
>>>>>>
>>>>>> With IPv6, you'll have to do firewalling for real.
>>>>>>
>>>>>> Cheers,
>>>>>> Richard
>>>>>
>>>>> Just another opinion and whatever it was originally designed for,
>>>>> it's turned out to be quite a sound and cost effective solution
>>>>> to the problem.
>>>>>
>>>>> With IPV6, just what is meant by "firewalling for real" ?...
>>>>>
>>>>> Regards,
>>>>>
>>>>> Chris
>>>>>
>>>>>
>>>>
>>>> I've explained that already. By default IPv6 access from the
>>>> internet is
>>>> blocked on a CE router.
>>>>
>>>> If you want to allow access to an IPv6 device on your LAN, you have to
>>>> configure on your router access to that IPv6 address *and* to the
>>>> appropriate ports.
>>>
>>> Do you have any reference to such an router? I'd just like
>>> to read up some on what it looks like in the router GUI
>>> then doing the config work.
>>
>> Yes, by far the best routers in this respect are Fritz!box routers
>> made by
>> AVM in Berlin.
>> This is the address of the Swedish distributor:
>>
>> http://www.datanat.se/egensida/avm-ac-n-1300mbps-routers/529
>>
>> I don't think there is a Swedish manual, but you can find a English
>> manual
>> on their web site.
>>
>>>
>>> And what about some non-technical customer that just would
>>> like to have access to some IPv6 home security device?
>>> Is it easy enough for non-technical people to use?
>>
>> Well, if they can setup port forwarding with IPv4, then I see no
>> reason why
>> you can't do it with IPv6.
>
> Yes, but my point is that most users can't no matter the IP version. :-)
> Even IPv4 port forwarding is way above the majority of users.
> That is why new "home" devices in many cases uses help from
> an internet server that handles the IP addresses and ports.
> Like TeamViewer works, it works client-to-client without any
> port forwarding at any end (both can be behind NAT routers).
>

I had a look at TeamViewer, and I'm sure it will be useful for certain 
purposes.

However why it should be simpler then opening a port escapes me, it is 
quite a big software package.

Furthermore I doubt if it even knows about IPv6, most likely it just 
IPv4 aware.

And I very much doubt if consumers will want to pay €360 per year for 
TeamViewer.

>>
>>>
>>> Today, that is solved by having the device announcing itself
>>> to some publicaly available server where the user from the
>>> "outside" can get the IP and port to access the device.
>>> Like TeamViewer does today.
>>>
>>> I guess there will be similar solutions using IPv6 also,
>>> since that is much easier to use for non-tech people.
>>> You never see or have to know any IP addresses at all.
>>
>> You will not use IP addresses, more likely DNS names.
>
> Doesn't make any difference, if you haven't "opened" your
> router for the traffic a domain name will not get you
> anywhere.
>
>
>>
>>>
>>>
>>>
>>>>
>>>> With IPv4 you have to route a port number on the WAN port of your
>>>> router to
>>>> an IPv4 address and port on the LAN. (port forwarding)
>>>>
>>>> No real difference.
>>>
>>
>