[Info-vax] implementing IPv6 on the internet

Jan-Erik Soderholm jan-erik.soderholm at telia.com
Wed Sep 21 12:55:43 EDT 2016


On 2016-09-21 at 18:13, Dirk Munk wrote:
> Jan-Erik Soderholm wrote:
>> On 2016-09-21 at 15:07, Dirk Munk wrote:
>>> Jan-Erik Soderholm wrote:
>>>> On 2016-09-21 at 14:28, Dirk Munk wrote:
>>>>> Chris wrote:
>>>>>> On 09/21/16 12:00, Richard Levitte wrote:
>>>>>>
>>>>>>>
>>>>>>> No.  NAT was never designed for network security, but
>>>>>>> can be used as a cheap'n'dirty piece of shit firewall.
>>>>>>>
>>>>>>> With IPv6, you'll have to do firewalling for real.
>>>>>>>
>>>>>>> Cheers,
>>>>>>> Richard
>>>>>>
>>>>>> Just another opinion and whatever it was originally designed for,
>>>>>> it's turned out to be quite a sound and cost effective solution
>>>>>> to the problem.
>>>>>>
>>>>>> With IPV6, just what is meant by "firewalling for real" ?...
>>>>>>
>>>>>> Regards,
>>>>>>
>>>>>> Chris
>>>>>>
>>>>>>
>>>>>
>>>>> I've explained that already. By default IPv6 access from the
>>>>> internet is blocked on a CE router.
>>>>>
>>>>> If you want to allow access to an IPv6 device on your LAN, you have to
>>>>> configure on your router access to that IPv6 address *and* to the
>>>>> appropriate ports.
>>>>
>>>> Do you have any reference to such a router? I'd just like
>>>> to read up some on what it looks like in the router GUI
>>>> when doing the config work.
>>>
>>> Yes, by far the best routers in this respect are Fritz!box routers
>>> made by AVM in Berlin.
>>> This is the address of the Swedish distributor:
>>>
>>> http://www.datanat.se/egensida/avm-ac-n-1300mbps-routers/529
>>>
>>> I don't think there is a Swedish manual, but you can find an English
>>> manual on their web site.
>>>
>>>>
>>>> And what about some non-technical customer that just would
>>>> like to have access to some IPv6 home security device?
>>>> Is it easy enough for non-technical people to use?
>>>
>>> Well, if they can setup port forwarding with IPv4, then I see no
>>> reason why you can't do it with IPv6.
>>
>> Yes, but my point is that most users can't no matter the IP version. :-)
>> Even IPv4 port forwarding is way above the majority of users.
>> That is why new "home" devices in many cases use help from
>> an internet server that handles the IP addresses and ports.
>> Like TeamViewer works, it works client-to-client without any
>> port forwarding at any end (both can be behind NAT routers).
>>
>
> I had a look at TeamViewer, and I'm sure it will be useful for certain
> purposes.
>
> However why it should be simpler than opening a port escapes me, it is
> quite a big software package.

It is way easier to use than managing a router. And what the
heck does the size of the package/download have to do with that?


>
> Furthermore I doubt if it even knows about IPv6, most likely it is just IPv4
> aware.
>
> And I very much doubt if consumers will want to pay €360 per year for
> TeamViewer.
>

You are totally missing the point. I'm not sure that it is worth
trying, but anyway...

1st, TeamViewer is free for the basic functionality, but irrelevant.

2nd, TW was only mentioned as an example of how communication
between clients behind NAT'ed routers is solved without forcing
the user to learn about "port forwarding".

There is also other equipment (home security, home automation)
that works in very much the same way. The equipment announces itself
to some service on the net, and your client (like phone app) asks
this server for the actual IP/port to use. (That the domain has
been resolved to an IP is totally irrelevant).



>>>
>>>>
>>>> Today, that is solved by having the device announcing itself
>>>> to some publicly available server where the user from the
>>>> "outside" can get the IP and port to access the device.
>>>> Like TeamViewer does today.
>>>>
>>>> I guess there will be similar solutions using IPv6 also,
>>>> since that is much easier to use for non-tech people.
>>>> You never see or have to know any IP addresses at all.
>>>
>>> You will not use IP addresses, more likely DNS names.
>>
>> Doesn't make any difference, if you haven't "opened" your
>> router for the traffic a domain name will not get you
>> anywhere.
>>
>>
>>>
>>>>
>>>>
>>>>
>>>>>
>>>>> With IPv4 you have to route a port number on the WAN port of your
>>>>> router to an IPv4 address and port on the LAN. (port forwarding)
>>>>>
>>>>> No real difference.
>>>>
>>>
>>
>
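The two mechanisms discussed in this thread (default-deny inbound IPv6 on the CE router with per-address, per-port openings, and a device that announces itself outbound to a server on the net) can be seen side by side in a small model. This is an added example, not part of the original message and not any router vendor's code; the class and function names are hypothetical and all addresses are constructed from the 2001:db8::/32 documentation prefix.

```python
import ipaddress

ip = ipaddress.ip_address

class CEFirewall:
    """Toy stateful IPv6 filter for a CE router (hypothetical model)."""

    def __init__(self, lan_prefix):
        self.lan = ipaddress.ip_network(lan_prefix)
        self.pinholes = set()  # (lan_addr, proto, port) opened by the user
        self.flows = set()     # (lan_addr, lan_port, remote, remote_port, proto)

    def open_pinhole(self, lan_addr, proto, port):
        # A pinhole names one LAN address *and* one port, never the whole host.
        if ip(lan_addr) not in self.lan:
            raise ValueError("pinhole target is outside the LAN prefix")
        self.pinholes.add((ip(lan_addr), proto, port))

    def outbound(self, src, sport, dst, dport, proto="tcp"):
        # LAN-initiated traffic is allowed and recorded so replies can return.
        self.flows.add((ip(src), sport, ip(dst), dport, proto))
        return True

    def inbound(self, src, sport, dst, dport, proto="tcp"):
        # Allow replies to recorded flows, then explicit pinholes; drop the rest.
        if (ip(dst), dport, ip(src), sport, proto) in self.flows:
            return True
        return (ip(dst), proto, dport) in self.pinholes

def demo():
    # Constructed addresses from the 2001:db8::/32 documentation prefix.
    cam, broker, other = "2001:db8:1::50", "2001:db8:ffff::1", "2001:db8:ffff::99"
    fw = CEFirewall("2001:db8:1::/64")
    r = {}
    r["unsolicited"] = fw.inbound(other, 40000, cam, 443)      # default deny
    fw.outbound(cam, 50000, broker, 443)                       # device announces itself
    r["broker_reply"] = fw.inbound(broker, 443, cam, 50000)    # reply to that flow
    r["other_to_flow"] = fw.inbound(other, 443, cam, 50000)    # not the flow's peer
    fw.open_pinhole(cam, "tcp", 443)
    r["pinhole_443"] = fw.inbound(other, 40000, cam, 443)      # opened port
    r["pinhole_22"] = fw.inbound(other, 40000, cam, 22)        # same host, other port
    return r

if __name__ == "__main__":
    for name, allowed in demo().items():
        print(f"{name:14} {'ALLOW' if allowed else 'DROP'}")
```

The globally routable camera address is reachable from outside only through the flow it opened itself or through the explicit address-and-port opening; no address translation is involved in either decision.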