New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Comments
To be honest, I haven't used IPv6 and I don't know anything about deploying it. If anyone knows of an easy to understand primer on it and how to let those on IPv4 access IPv6 servers, I would appreciate it very much.
You put an IPv6 address on your box in addition to your IPv4 and voila!
My basic understanding is that the traffic is routed differently? Also, is there anything special about DNS that is different from IPv4?
It's still routed by subnets though they're much larger. You can't get from IPv4<-->IPv6 ( this is not true but you're not going to do it ).
IPv6 addresses are AAAA in DNS ( 4x the address space so four A's instead of one ).
Am I the only one who doesn't understand IPv6? It has far too many digits and characters to remember.
https://tunnelbroker.net/ - if you want to put v6 on your whole network (not recommended)
I've got v6 where I need it but I have a wireguard VPN setup for when I'm somewhere without v6. I have a couple different configs that push all v4/v6 routes over the tunnel, all v6, or just v6 ranges that I control (servers).
I don't understand it either. Trying to understand it.
I'd be interested in what you're doing there. You have anything written down publicly?
Thanks for the consolation
Honestly, unless you're in a position where you need to troubleshoot it there's not that much you need to know different. As @hzr noted earlier, you're probably using IPv6 without knowing it on your phone.
( Edited to credit hzr )
No, don't got anything written down. The basic server and client setup are pretty straightforward, here's a good video that breaks that down:
For v6 you basically need to add some local v6 IPs in the address section on the server + client conf and duplicate the NAT rules for ip6tables, as well as allowing v6 forwarding in sysctl.conf.
Looks like this guide touches on those parts: https://angristan.xyz/how-to-setup-vpn-server-wireguard-nat-ipv6/
That's what DNS is for.
It's the same as with green energy: it's a good idea, but not really needed yet, and well, it will be more profitable to solve this solution when the people start to panic. Now IPv6 is pretty cheap, so there is no interest in adopting it.
In the new world it's all about profit, not evolution.
Excellent, TY. I'll check it out.
Nope. Assuming your firewall is properly configured (and they tend to have good default settings), NAT doesn't help you the tiniest bit.
@rcxb
I would have a technical response for you but frankly, I'm getting tired of discussions that end looking like "I'm right" - "No, I'm right" so I'll leave it at that.
Regarding the NAT thing (whether it provides security or not) I tend to argue that NAT is crap and I would love to see it disappear with IPv6. However most of the time we talk about NAT we actually mean PAT as well (not only translating IP addresses on L3 but also port numbers on L4), more specifically dynamic port translation or overloading like some vendor used to say. In order to perform that dynamic PAT you are required to work stateful. So fortunately stateful firewalls became standard on edge gateways. And this is where your security comes from. If we keep the stateful firewall feature only allowing connections to be initiated in outbound direction, you can get rid of all that NAT/PAT and still enjoy the same level of security. You have a good level of implicit/automatic security when using NAT - but it is not because of the NAT.
TL;DR: No to NAT/PAT, Yes to stateful firewalling only allowing outbound connections.
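A toy model of the argument in the post above, added here as an illustration and not written by anyone in the thread: one gateway run as dynamic PAT, as a routed stateful filter with no translation, and as a plain router with no filter, each sent the same reply packet and the same unsolicited packet. The `Gateway` class, `demo` function, ports and documentation-range addresses are all constructed for this example.

```python
from dataclasses import dataclass, field

# Constructed documentation-range address; every name in this block is hypothetical.
PUBLIC_V4 = "203.0.113.1"


@dataclass
class Gateway:
    mode: str                                    # "pat", "stateful" or "stateless"
    flows: dict = field(default_factory=dict)    # state table: outside view -> inside host
    next_port: int = 40000

    def outbound(self, src, sport, dst, dport):
        """Inside host opens a connection; returns the (addr, port) seen outside."""
        if self.mode == "pat":
            # Dynamic PAT: rewrite the source to the shared address and a fresh port.
            ext = (PUBLIC_V4, self.next_port)
            self.next_port += 1
        else:
            ext = (src, sport)                   # routed: address and port untouched
        if self.mode != "stateless":
            # This state entry is what later lets the reply back in.
            self.flows[(ext, (dst, dport))] = (src, sport)
        return ext

    def inbound(self, src, sport, dst, dport):
        """Packet from outside; returns the inside (addr, port) or None if dropped."""
        if self.mode == "stateless":
            return (dst, dport)                  # no filter: everything is forwarded
        return self.flows.get(((dst, dport), (src, sport)))


def demo(mode, inside_ip):
    gw = Gateway(mode)
    server, stranger = ("198.51.100.7", 443), ("192.0.2.66", 5555)
    ext = gw.outbound(inside_ip, 51000, *server)
    reply = gw.inbound(*server, *ext)            # answer to our own connection
    unsolicited = gw.inbound(*stranger, *ext)    # unrelated host, same addr/port
    return reply, unsolicited


if __name__ == "__main__":
    for mode, ip in [("pat", "192.168.1.10"), ("stateful", "2001:db8::10"),
                     ("stateless", "2001:db8::10")]:
        print(mode, demo(mode, ip))
```

In this model the PAT and stateful-only gateways deliver the reply and drop the unsolicited packet through the same state-table lookup, and only the unfiltered router forwards it.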
It does. A NAT will stop inbound connections as there is no routing table defined by default to state where the connection will go after it goes to a NAT network.
And here I thought you'll provide an elaboration on NAT vs Firewall and how NAT plays a role in network security.
@dfroe, you use PAT to do port-forwarding.
So why do you need to do port forwarding? Why is it that NAT blocks all incoming requests regardless of whether firewall is on or off? If you can answer this question, you'll understand why NAT is "secure" to a certain degree (compared to direct IP)