[Info-vax] implementing IPv6 on the internet

johnwallace4 at yahoo.co.uk johnwallace4 at yahoo.co.uk
Wed Sep 21 16:27:23 EDT 2016


On Wednesday, 21 September 2016 17:13:38 UTC+1, Dirk Munk  wrote:
> Jan-Erik Soderholm wrote:
> > Den 2016-09-21 kl. 15:07, skrev Dirk Munk:
> >> Jan-Erik Soderholm wrote:
> >>> Den 2016-09-21 kl. 14:28, skrev Dirk Munk:
> >>>> Chris wrote:
> >>>>> On 09/21/16 12:00, Richard Levitte wrote:
> >>>>>
> >>>>>>
> >>>>>> No.  NAT was never designed for network security, but
> >>>>> can be used as a cheap'n'dirty piece of shit firewall.
> >>>>>>
> >>>>>> With IPv6, you'll have to do firewalling for real.
> >>>>>>
> >>>>>> Cheers,
> >>>>>> Richard
> >>>>>
> >>>>> Just another opinion and whatever it was originally designed for,
> >>>>> it's turned out to be quite a sound and cost effective solution
> >>>>> to the problem.
> >>>>>
> >>>>> With IPV6, just what is meant by "firewalling for real" ?...
> >>>>>
> >>>>> Regards,
> >>>>>
> >>>>> Chris
> >>>>>
> >>>>>
> >>>>
> >>>> I've explained that already. By default IPv6 access from the
> >>>> internet is
> >>>> blocked on a CE router.
> >>>>
> >>>> If you want to allow access to an IPv6 device on your LAN, you have to
> >>>> configure on your router access to that IPv6 address *and* to the
> >>>> appropriate ports.
> >>>
> >>> Do you have any reference to such an router? I'd just like
> >>> to read up some on what it looks like in the router GUI
> >>> then doing the config work.
> >>
> >> Yes, by far the best routers in this respect are Fritz!box routers
> >> made by
> >> AVM in Berlin.
> >> This is the address of the Swedish distributor:
> >>
> >> http://www.datanat.se/egensida/avm-ac-n-1300mbps-routers/529
> >>
> >> I don't think there is a Swedish manual, but you can find a English
> >> manual
> >> on their web site.
> >>
> >>>
> >>> And what about some non-technical customer that just would
> >>> like to have access to some IPv6 home security device?
> >>> Is it easy enough for non-technical people to use?
> >>
> >> Well, if they can setup port forwarding with IPv4, then I see no
> >> reason why
> >> you can't do it with IPv6.
> >
> > Yes, but my point is that most users can't no matter the IP version. :-)
> > Even IPv4 port forwarding is way above the majority of users.
> > That is why new "home" devices in many cases uses help from
> > an internet server that handles the IP addresses and ports.
> > Like TeamViewer works, it works client-to-client without any
> > port forwarding at any end (both can be behind NAT routers).
> >
> 
> I had a look at TeamViewer, and I'm sure it will be useful for certain 
> purposes.
> 
> However why it should be simpler then opening a port escapes me, it is 
> quite a big software package.
> 
> Furthermore I doubt if it even knows about IPv6, most likely it just 
> IPv4 aware.
> 
> And I very much doubt if consumers will want to pay €360 per year for 
> TeamViewer.
> 
> >>
> >>>
> >>> Today, that is solved by having the device announcing itself
> >>> to some publicaly available server where the user from the
> >>> "outside" can get the IP and port to access the device.
> >>> Like TeamViewer does today.
> >>>
> >>> I guess there will be similar solutions using IPv6 also,
> >>> since that is much easier to use for non-tech people.
> >>> You never see or have to know any IP addresses at all.
> >>
> >> You will not use IP addresses, more likely DNS names.
> >
> > Doesn't make any difference, if you haven't "opened" your
> > router for the traffic a domain name will not get you
> > anywhere.
> >
> >
> >>
> >>>
> >>>
> >>>
> >>>>
> >>>> With IPv4 you have to route a port number on the WAN port of your
> >>>> router to
> >>>> an IPv4 address and port on the LAN. (port forwarding)
> >>>>
> >>>> No real difference.
> >>>
> >>
> >

Consumers (personal/home use) don't currently have to pay
for TeamViewer at all. Except in the sense of having their
accounts and/or machine details leaked when TeamViewer's
servers have a bad security day:
http://www.bbc.co.uk/news/technology-36459015

The bit about home users not paying money may change. The
bit about not really trusting a third party with account
details etc seems likely for the foreseeable future.




More information about the Info-vax mailing list