[Info-vax] implementing IPv6 on the internet
Jan-Erik Soderholm
jan-erik.soderholm at telia.com
Wed Sep 21 17:14:21 EDT 2016
Den 2016-09-21 kl. 22:47, skrev David Froble:
> Scott Dorsey wrote:
>> David Froble <davef at tsoft-inc.com> wrote:
>>> I'm not anti-IPv6, just as I'm not anti-quadword. But from a practical
>>> perspective, I have to ask, how many people, organizations, etc; behind
>>> a IPv4 NAT router really need the extended address space. Right now, as
>>> you state, you can forward any ports to any device on today's NAT
>>> routers. So, what's the rush, for this issue anyway, for IPv6?
>>
>> If you have a dozen computers in a NATted subnet that want to connect out,
>> everything is great. They can all share one address.
>>
>> The problem is when you have more than one computer that wants to accept
>> connections in. Then it all falls apart.
>
> That's if you want to accept connections on the same port with multiple
> systems. While i haven't used it, the NAT routers I've got seem to be able
> to select the in-house system based upon incoming port number, and even
> re-direct that to a specific system and alternate port number.
>
>> Since NAT has become almost universal for home systems in the US, a lot of
>> systems now rely on horrible cheesy workarounds to deal with this. It would
>> be very good to get out of that situation.
Some routers can port forward to another port, some always
port forward using the same port number. In the later case
you have to have alternate ports on some servers if they
have the same service. Like alternates to 80 for web servers.
But all this discussion about servers behind NAT'et networks
probably is about 1 NAT'ed network out of 10.000. Most users
simply "surf the net" and read their mail and are happy. :-)
And they could not care less about IPv6... :-)
>
> I can agree.
>
>>> Now, where I do see a problem, and IPv6 will not address it if I
>>> understand it correctly, is that if some device can be accessed from
>>> outside, and it's not so secure, it's inside your router and can get at
>>> the rest of the devices on the internal network.
>>
>> Yes, but this is the case whether you are running IPv6 or IPv4. If it's not
>> so secure, don't allow incoming access to it.
>> --scott
>>
>
> Agree
More information about the Info-vax
mailing list