Whether you’re really passionate about RPC, MQTT, Matrix or wayland, tell us more about the protocols or open standards you have strong opinions on!

    • Alk@lemmy.world
      link
      fedilink
      English
      arrow-up
      6
      ·
      8 months ago

      My isp decided to put me behind a CGNAT and broke my access to my network from outside my network. Wanted to charge me $5 a month to get around it. It’s not easy to get around for a layman, but possible. More than anything it just pissed me off that I’d have to pay for something that 1 day ago was free.

        • Alk@lemmy.world
          link
          fedilink
          English
          arrow-up
          3
          ·
          8 months ago

          Set up a reverse proxy on another machine (like one of those free oracle cloud things). I can’t go into detail because I don’t know exactly how. I think cloudflare also has options for that for free. Either way it’s annoying.

          • ChilledPeppers@lemmy.world
            link
            fedilink
            arrow-up
            2
            ·
            8 months ago

            Cloudflare tunnel, and its alternatives, such as localXpose, altho the privacy is probably questionable, and a many of them require a domain.

      • cmnybo@discuss.tchncs.de
        link
        fedilink
        English
        arrow-up
        22
        arrow-down
        3
        ·
        8 months ago

        NAT is not for security, that’s what the firewall is for. Nobody can access your IPv6 network unless you allow access through the firewall.

      • lemmyvore@feddit.nl
        link
        fedilink
        English
        arrow-up
        15
        arrow-down
        1
        ·
        8 months ago

        You’re thinking of a firewall. NAT is just the thing that makes a connection appear to come from an IP on the internet when it’s really coming from your router, and it’s not needed with IPv6. But you would not see any difference with IPv6 without it.

        • Dave.@aussie.zone
          link
          fedilink
          arrow-up
          1
          ·
          edit-2
          8 months ago

          You’re thinking of a firewall. NAT is just the thing that makes a connection appear to come from…

          That connection only “appears to come from” if I explicitly put a rule in my NAT table directing it to my computer behind the router doing the NAT-ing.

          Otherwise all connections through NAT are started from internal->external network requests and the state table in NAT keeps track of which internal IP is talking to which external IP and directs traffic as necessary.

          So OP is correct, it does apply a measure of security. Port scanning someone behind NAT isn’t possible, you just end up port scanning their crappy NAT router provided by their ISP unless they have specifically opened up some ports and directed them to their internal IP address.

          Compare this to IPV6 where you get a slice of the public address space to place your devices in and they are all directly addressable. In that case your crappy ISP router also is a “proper” firewall. Strangely enough it usually is a “stateful” firewall with default deny-all rules that tracks network connections and looks and performs almost exactly like the NAT version, just without address translation.

          • Domi@lemmy.secnd.me
            link
            fedilink
            arrow-up
            2
            ·
            8 months ago

            So OP is correct, it does apply a measure of security. Port scanning someone behind NAT isn’t possible, you just end up port scanning their crappy NAT router provided by their ISP unless they have specifically opened up some ports and directed them to their internal IP address.

            You end up just port scanning their crappy router on IPv6 as well because ports that are not opened are stuck at the firewall either way, no matter if you use IPv4 or IPv6.

            Just because every device gets a public IP does not mean that IP is publicly accessible.

            An advantage that IPv6 has against port scanning is the absurdly large network sizes. For example, my ISP gives me a /56 prefix, that is 4,722,366,482,869,645,213,696 IPv6 addresses. Good luck finding the used ones with the port open you need.

            Even with just a /64 prefix you get 18,446,744,073,709,551,616 addresses, way outside the feasibility of port scanning.

          • KillingTimeItself@lemmy.dbzer0.com
            cake
            link
            fedilink
            English
            arrow-up
            1
            ·
            8 months ago

            Compare this to IPV6 where you get a slice of the public address space to place your devices in and they are all directly addressable. In that case your crappy ISP router also is a “proper” firewall. Strangely enough it usually is a “stateful” firewall with default deny-all rules that tracks network connections and looks and performs almost exactly like the NAT version, just without address translation.

            realistically, it wouldnt surprise me if ISPs started NATing on residential IPV6 networks, just for the simplicity, but still allowed end users to assign their own IPs if they so pleased. Given the surge in shitty IOT devices, that’s probably a good thing for most people. Though a firewall would also accomplish this as well.

      • frezik@midwest.social
        link
        fedilink
        arrow-up
        2
        ·
        8 months ago

        No. Stop spreading that myth. NAT does fuck all for security. If you want a border gateway, you can just have a border gateway.