[Info-vax] implementing IPv6 on the internet
Jan-Erik Soderholm
jan-erik.soderholm at telia.com
Wed Sep 21 13:32:15 EDT 2016
Den 2016-09-21 kl. 19:27, skrev Dirk Munk:
> Jan-Erik Soderholm wrote:
>> Den 2016-09-21 kl. 18:13, skrev Dirk Munk:
>>> Jan-Erik Soderholm wrote:
>>>> Den 2016-09-21 kl. 15:07, skrev Dirk Munk:
>>>>> Jan-Erik Soderholm wrote:
>>>>>> Den 2016-09-21 kl. 14:28, skrev Dirk Munk:
>>>>>>> Chris wrote:
>>>>>>>> On 09/21/16 12:00, Richard Levitte wrote:
>>>>>>>>
>>>>>>>>>
>>>>>>>>> No. NAT was never designed for network security, but
>>>>>>>> can be used as a cheap'n'dirty piece of shit firewall.
>>>>>>>>>
>>>>>>>>> With IPv6, you'll have to do firewalling for real.
>>>>>>>>>
>>>>>>>>> Cheers,
>>>>>>>>> Richard
>>>>>>>>
>>>>>>>> Just another opinion and whatever it was originally designed for,
>>>>>>>> it's turned out to be quite a sound and cost effective solution
>>>>>>>> to the problem.
>>>>>>>>
>>>>>>>> With IPV6, just what is meant by "firewalling for real" ?...
>>>>>>>>
>>>>>>>> Regards,
>>>>>>>>
>>>>>>>> Chris
>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>> I've explained that already. By default IPv6 access from the
>>>>>>> internet is
>>>>>>> blocked on a CE router.
>>>>>>>
>>>>>>> If you want to allow access to an IPv6 device on your LAN, you
>>>>>>> have to
>>>>>>> configure on your router access to that IPv6 address *and* to the
>>>>>>> appropriate ports.
>>>>>>
>>>>>> Do you have any reference to such an router? I'd just like
>>>>>> to read up some on what it looks like in the router GUI
>>>>>> then doing the config work.
>>>>>
>>>>> Yes, by far the best routers in this respect are Fritz!box routers
>>>>> made by
>>>>> AVM in Berlin.
>>>>> This is the address of the Swedish distributor:
>>>>>
>>>>> http://www.datanat.se/egensida/avm-ac-n-1300mbps-routers/529
>>>>>
>>>>> I don't think there is a Swedish manual, but you can find a English
>>>>> manual
>>>>> on their web site.
>>>>>
>>>>>>
>>>>>> And what about some non-technical customer that just would
>>>>>> like to have access to some IPv6 home security device?
>>>>>> Is it easy enough for non-technical people to use?
>>>>>
>>>>> Well, if they can setup port forwarding with IPv4, then I see no
>>>>> reason why
>>>>> you can't do it with IPv6.
>>>>
>>>> Yes, but my point is that most users can't no matter the IP version. :-)
>>>> Even IPv4 port forwarding is way above the majority of users.
>>>> That is why new "home" devices in many cases uses help from
>>>> an internet server that handles the IP addresses and ports.
>>>> Like TeamViewer works, it works client-to-client without any
>>>> port forwarding at any end (both can be behind NAT routers).
>>>>
>>>
>>> I had a look at TeamViewer, and I'm sure it will be useful for certain
>>> purposes.
>>>
>>> However why it should be simpler then opening a port escapes me, it is
>>> quite a big software package.
>>
>> It is way easier to use then managing a router. And what the
>> heck does the size of the package/download has to do with that?
>>
>
> Lots of configuration possibilities? Lots of things to read?
Nop. Close to nothing. Just run, and pass the "user" and "pw"
to your partner that then can connect to your system.
I use TW to support my mother with her laptop.
It sounds as you haven't use TW at all...
>
>>
>>>
>>> Furthermore I doubt if it even knows about IPv6, most likely it just IPv4
>>> aware.
>>>
>>> And I very much doubt if consumers will want to pay €360 per year for
>>> TeamViewer.
>>>
>>
>> You are totally missing the point. I'm not sure that it is worth
>> trying, but anyway...
>>
>> 1'st, Teamviewer is free for the basic functionallity, but irrelevant.
>
> Nice, but I had a short look and saw "buy" with €360 per year as cheapest
> option.
Look for "download" instead. :-)
>
>>
>> 2'nd, TW was only mentioned as an example of how communication
>> between clients behind NAT'ed routers is solved without forcing
>> the user to learn about "port forwarding".
>
> Fine, but it still assumes both end-points have TeamViewer.
Of course! That's is the whole point with TeamViewer.
I think you are still misunderstanding.
>
>>
>> There are also other equipments (home security, home automation)
>> that works in very much the same way. The equipment annonces itself
>> to some service on the net, and your client (like phone app) asks
>> this server for the actual IP/port to use. (The the domain has
>> been resolved to an IP is totaly irrelevant).
>>
>>
>
> I know, but then you're always dependant on some other service.
>
Doesn't matter. Still far easier then configuring a router.
More information about the Info-vax
mailing list