this post was submitted on 10 Nov 2024
Explain Like I'm Five
IPv6 has several changes to the specification, but since this is ELI5:
When you were a child, your friends would call your house and a parent would answer the phone. They'd ask to talk to you, and your parents would hand the phone off to you. That might have been because you were too young to have a phone, but IPv4 with NAT works the same way because there are so many "houses" and only enough phone numbers for the houses, not all the people that live in them.
For IPv6 it's like your friends can call you directly on your cell phone. And they can call your brothers and sisters, your cat, your dog, your TV, your refrigerator, and the backyard squirrels. There are so many phone numbers that everyone can have their own.
I didn't know about that part, doesn't that make it necessary for everyone to have a firewall? What's stopping someone from port scanning my Chinese smart microwave and attacking it?
NAT sort of accidentally includes what is called a "stateful firewall". It blocks inbound connections because it doesn't know where they should go. IPv6 eliminates the need for NAT but doesn't prevent stateful firewalls. It is just as easy to implement stateful firewalls (actually a bit easier) for IPv6 without NAT. The difference is that the choice is yours, rather than being a technical limitation.
For example, if I had a smart microwave I would want to ensure that there is some sort of firewall (or, more likely for me, not connect it to the internet at all, but I digress). However, I may want my gaming computer to be directly accessible so that my friends can connect to my game without going through some third-party relay, or maybe my voice chat can be direct between me and my friends for extra privacy and better latency.
Also, relying on network-level protection like this is a good idea in general. Eventually a friend is going to come over with an infected network and connect to your WiFi. With just NAT this will allow the malware on their computer to access your microwave as they are "inside the NAT". If you were applying a proper stateful firewall you would likely apply it to all traffic, not just internet traffic.
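Added example, not part of any comment in this thread: a simplified Python model of the stateful firewall behaviour discussed above, with no NAT involved. The addresses (documentation prefix 2001:db8::/32), the port 27015 and all names are constructed for illustration; a real firewall also tracks TCP state and expires entries.

```python
from dataclasses import dataclass, field

# Constructed sample hosts; 2001:db8::/32 is the IPv6 documentation prefix.
MICROWAVE, GAMING_PC = "2001:db8:1::50", "2001:db8:1::10"
GUEST_LAPTOP = "2001:db8:1::77"          # visitor's infected machine on the WiFi
VENDOR, FRIEND, SCANNER = "2001:db8:a::1", "2001:db8:b::7", "2001:db8:c::99"

@dataclass
class StatefulFirewall:
    # Services deliberately published: (dst_ip, proto, dst_port)
    allow_inbound: set = field(default_factory=set)
    # Flows opened by protected hosts: (host, host_port, peer, peer_port, proto)
    state: set = field(default_factory=set)

    def outbound(self, src, sport, dst, dport, proto="tcp"):
        """A protected host opens a connection: remember the flow, let it out."""
        self.state.add((src, sport, dst, dport, proto))
        return "accept"

    def inbound(self, src, sport, dst, dport, proto="tcp"):
        """A packet addressed to a protected host, from the internet or the LAN."""
        if (dst, dport, src, sport, proto) in self.state:
            return "accept"              # reply to a flow the host itself started
        if (dst, proto, dport) in self.allow_inbound:
            return "accept"              # explicitly opened by the owner
        return "drop"                    # default deny: what NAT did by accident

def demo():
    # The owner chooses to expose only the game server port on the gaming PC.
    fw = StatefulFirewall(allow_inbound={(GAMING_PC, "udp", 27015)})
    r = {}
    # Unsolicited probe of the microwave: no state, no rule.
    r["scan_microwave"] = fw.inbound(SCANNER, 40000, MICROWAVE, 80)
    # The microwave calls its vendor; the reply matches the stored flow.
    fw.outbound(MICROWAVE, 51000, VENDOR, 443)
    r["cloud_reply"] = fw.inbound(VENDOR, 443, MICROWAVE, 51000)
    # A friend connects directly to the published game port, no relay needed.
    r["friend_joins_game"] = fw.inbound(FRIEND, 5000, GAMING_PC, 27015, "udp")
    # Every other port on the gaming PC stays closed.
    r["scan_gaming_ssh"] = fw.inbound(SCANNER, 40000, GAMING_PC, 22)
    # Same policy applied to LAN traffic (assumes the firewall sits between
    # local hosts too): the guest laptop cannot reach the microwave.
    r["guest_to_microwave"] = fw.inbound(GUEST_LAPTOP, 40000, MICROWAVE, 80)
    return r

if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:20} {verdict}")
```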