Comment Re: Absence?! (Score 2) 595
True, but I hope to see a proper multihoming standard. Prefix translation is ugly.
True, but I hope to see a proper multihoming standard. Prefix translation is ugly.
So you're cool with the Internet being forever limited to cat videos? The applications for the Internet were unforeseen. It changed the world in ways nobody could predict. IPv6 will pave the way for new applications in a way just as significant... But you can't see past today's furry thrills.
No my argument would be the equivalent of being against penicillin curing your infection but causing you to lose a leg... We have a better cure witbout the drawback.
Yes, the WEB works GREAT... I also use THE REST OF THE INTERNET.
IPv6 uses HEX: 2A
NAT was a direct response to address constraints. If it wasn't broken CGN would be the way forward.
Sorry, RFC-4941. Fat fingers.
I'm actually at the point where I sadly suspect I'll see IPv6 over LTE on my mobile devices before I see it at home via my ISP.
Right now - quite a bit - there are all sorts of mechanism that have to be worked around. Every spend any time troubleshooting SIP? Do you know why nobody does direct media?
Ever wonder why file transfers in instant messaging apps either work intermittently or perform slowly?
Ever see the layers of complexity we've built to do our best to work around such issues: STUN, UPNP, NAT-PT, ICE, ALGs... It's layers upon layers of cruft.
The prospects are awful.
The fact anything works at all is a testament to... something...
No, it's not a security benefit. It was not designed as such and it shows.
If it was, it wouldn't allow holes to be arbitrarily punched through by NAT-PMP, UPNP and other traversal mechanisms.
If you're relying on NAT for security, you're doing it wrong.
My source of sadness for years. I whine about this regularly. I know of no Canadian ISP doing proper native IPv6... Instead I have to rely on tunnels.
I was chatting with TekSavvy but they only provide a single
They're also only doing it no their DSL services which are substantially slower than I can get from Shaw.
It seems my only option is to hurry up and wait longer.
That's not a security benefit of NAT, that's a quirky side effect that would be better replaced with a proper stateful firewall.
Without NAT, you're still hitting the stateful firewall and default deny rule at the edge of my network... Most home routers should default to this sort of behaviour.
The difference is, I can open up as many ports as I need with no limitations. None of this crap with forwarding port 80 to one box and then... Oh, I need another web server... Hmm. 8080? Other random / arbitrarily selected ports? That sucks! It's broken.
The IPs I'm leaving in web server logs are also throw-away addresses - read up RFC-4961.
NAT has no security benefits. NAT's sole purpose is address scarcity. Firewalls are for firewalling. NAT is for breaking the pre-IPv6 internet out of necessity.
My home subnet is 2610:1e8:800:101::/64. Go ahead and tell me how many machines are in there...
I'll wait.
Absence of NAT is a feature! If not THE feature of IPv6!
"I've seen it. It's rubbish." -- Marvin the Paranoid Android