this post was submitted on 13 Jul 2023
116 points (95.3% liked)

Selfhosted

39893 readers
468 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don't duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 1 year ago
MODERATORS
 

The question above for the most part, been reading up on it. Also want to it for learning purposes.

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] -3 points 1 year ago (2 children)

And the biggest disadvantage of IPv6 is that each of your internal devices has its own address and can be directly accessible from outside. So you need to completely rethink how you do security.

[–] [email protected] 6 points 1 year ago (1 children)

Isn't that what tburkhol addressed in their first paragraph? Or are you suggesting further steps than just putting those devices behind NAT? I am not at all trying to be snarky, I actually want to know more about this.

[–] [email protected] 2 points 1 year ago

You don't need to use nat on ipv6. Most routers are based on Linux and there you have conntrack.

With that you can configure by default outgoing only connections just like nat and poke holes in the firewall for the ports you want specifically.

Also windows and I think Linux use ipv6 privacy extensions by default. That means that while you can assign a fixed address and run services, it will assign random ip addresses within your (usually) /64 allocation for outgoing connections. So people can't identify you and try to connect back to your ip with a port scanner etc.

All the benefits of nat with none of the drawbacks.

[–] [email protected] 5 points 1 year ago (2 children)

And can be identified/tracked individually by outside entities. In IPv4, a website sees both my device and my kid's device as the same IP. In IPv6 they're different so this just provides more ways for them to track you.

[–] [email protected] 3 points 1 year ago

First of all they use much more than the device IP to identify individual devices. IPv4 is no longer all that useful for identification with things like CGNAT being common.

But with IPv6 they'll see my device IP, then they'll see the same device with completely different IP, then again. Same for my kid's device. But again, all of the above applies. It is a concern, but there are much better ways of tracking you anyways.

[–] [email protected] 3 points 1 year ago

That's the reason for rcf 4941. It randomises the host part of your IPv6 address.

https://datatracker.ietf.org/doc/html/rfc4941