this post was submitted on 19 Jun 2024
314 points (85.7% liked)

Programmer Humor

19555 readers
1197 users here now

Welcome to Programmer Humor!

This is a place where you can post jokes, memes, humor, etc. related to programming!

For sharing awful code theres also Programming Horror.

Rules

founded 1 year ago
MODERATORS
 

Today in our newest take on "older technology is better": why NAT rules!

you are viewing a single comment's thread
view the rest of the comments
[–] FrostyCaveman@lemm.ee 3 points 4 months ago (1 children)

Ahh, woah, I never thought about the huge address space would affect network scans and such.

With NAT on IPv4 I set up port forwarding at my router. Where would I set up the IPv6 equivalent?

I guess assumptions I have at the moment are that my router is a designated appliance for networking concerns and doing all the config there makes sense, and secondly any client device to be possibly misconfigured. Or worse, it was properly configured by me but then the OS vendor pushed an update and now it’s misconfigured again.

[–] domi@lemmy.secnd.me 5 points 4 months ago

With NAT on IPv4 I set up port forwarding at my router. Where would I set up the IPv6 equivalent?

The same thing, except for the router translating 123.123.123.123 to 192.168.0.250 it will directly route abcd:abcd::beef to abcd:abcd::beef.

Assuming you have multiple hosts in your IPv6 network you can simply add "port forwardings" for each of them. Which is another advantage for IPv6, you can port forward the same port multiple times for each of your hosts.

I guess assumptions I have at the moment are that my router is a designated appliance for networking concerns and doing all the config there makes sense, and secondly any client device to be possibly misconfigured. Or worse, it was properly configured by me but then the OS vendor pushed an update and now it’s misconfigured again.

That still holds true, the router/firewall has absolute control over what goes in and out of the network on which ports and for which hosts. I would never expose a client directly to the internet, doesn't matter if IPv4 or IPv6. Even servers are not directly exposed, they still go through firewalls.