Today in our newest take on “older technology is better”: why NAT rules!

  • @[email protected]
    link
    fedilink
    45 months ago

    But IPv4 addresses are easier to remember!

    /s

    I could see a point of having home networks stay on IPv4 and NAT with an external v6 address.

    That would keep the current security model for home networks where we can assume general tech litteracy is low.

    • @[email protected]
      link
      fedilink
      45 months ago

      That is not how it works. You can have a home network on ipv6. And it can reach all of ipv4 via nat ( just like ipv4 do today). A net with only ipv4 can not reach any ipv6 without a proxy that terminst the v4 connection and make a new v6 connection. since ipv6 is backwards compatible. But ipv4 is naturally not forwards compatible.

      Also it is the default deny of the stateful firewall that always coexist with NAT, since NAT depends on that state, that is the security in a NAT router.
      That default deny is not in any way dependant on the NAT part.

        • @[email protected]
          link
          fedilink
          35 months ago

          If there is a ipv6 service online. That you want to reach from a v4 only client. You can set up a fixed 1:1 nat on your firewall where you define a fake internal ipv4 address -> destination NAT onto the public ipv6 address of the service. And SRC NAT64 embed your clients internal v4 into the source ipv6 for the return traffic. And provide a internal dns view A record pointing to the fake internal ip record. It would work, but does not scale very well. Since you would have to set this up for every ipv6 ip.

          A better solution would be to use a dualstack SOCKS5 proxy with dns forwarding where the client would use the IPv6 of the proxy for the connection. But that does not use NAT tho.

          The best solution is to deploy IPv6 ofcourse. ;)

        • Gamma
          link
          fedilink
          English
          15 months ago

          You could still NAT between v6’s though.