this post was submitted on 13 Jul 2023
116 points (95.3% liked)


The question above for the most part, been reading up on it. Also want to do it for learning purposes.

[–] [email protected] 6 points 1 year ago (1 children)

Haha, no, not really. IPv6 has the ability to provide a public IP address for each device, but that doesn't mean it will have to. Other than the number of possible addresses, nothing is different. Routing, firewalls, NATs, etc. all remain the same.

[–] [email protected] 1 points 1 year ago (3 children)

IPv6 doesn't support NAT... Or am I woefully out of date?

But your home router will just firewall like it does already, but you don't have NAT as a simple fallback for "security". It does make running internal services much easier as you no longer need to port forward. So you can run two webservers on port 80 and they can both be allowed inbound without doing horrible load balancing or NAT translation.

[–] [email protected] 6 points 1 year ago (2 children)

IPv6 has NPTv6, which allows you to translate from one prefix into another.

Useful if you've got dual WAN, and can't advertise your own addressing via the ISP. You can use NPTv6 to translate between your local prefix and the public prefixes. But NPTv6 is completely stateless. It's literally a 1:1 mapping between the prefixes.
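
The stateless 1:1 prefix mapping described in the comment above, as an added example that is not part of the original thread: a Python sketch of the checksum-neutral translation from RFC 6296, limited to /48 prefixes. The function names are hypothetical and the addresses are that RFC's worked example; because no connection state is kept, the mapping does no inbound filtering on its own.

```python
import ipaddress

def _oc_add(a, b):
    """16-bit ones' complement addition with end-around carry."""
    s = a + b
    return (s & 0xFFFF) + (s >> 16)

def _prefix_sum(net):
    """Ones' complement sum of the three 16-bit words of a /48 prefix."""
    p = int(net.network_address)
    total = 0
    for shift in (112, 96, 80):
        total = _oc_add(total, (p >> shift) & 0xFFFF)
    return total

def nptv6_translate(addr, src_prefix, dst_prefix):
    """Map addr from src_prefix to dst_prefix (hypothetical helper, /48 only).

    Outbound: src = internal prefix, dst = external prefix.
    Inbound:  swap the two prefixes; the mapping is its own inverse.
    """
    addr = ipaddress.IPv6Address(addr)
    src = ipaddress.IPv6Network(src_prefix)
    dst = ipaddress.IPv6Network(dst_prefix)
    if src.prefixlen != 48 or dst.prefixlen != 48:
        raise ValueError("this sketch handles /48 prefixes only")
    if addr not in src:
        raise ValueError(f"{addr} is not inside {src}")

    # adjustment = sum(src) - sum(dst) in ones' complement arithmetic.
    # It depends only on the two prefixes, so no per-flow state is needed.
    adjustment = _oc_add(_prefix_sum(src), ~_prefix_sum(dst) & 0xFFFF)

    a = int(addr)
    subnet = (a >> 64) & 0xFFFF            # bits 48..63, the subnet word
    new_subnet = _oc_add(subnet, adjustment)
    if new_subnet == 0xFFFF:               # RFC 6296: never emit 0xFFFF
        new_subnet = 0x0000

    interface_id = a & ((1 << 64) - 1)     # low 64 bits pass through unchanged
    out = int(dst.network_address) | (new_subnet << 64) | interface_id
    return ipaddress.IPv6Address(out)

if __name__ == "__main__":
    inside, outside = "fd01:203:405::/48", "2001:db8:1::/48"
    ext = nptv6_translate("fd01:203:405:1::1234", inside, outside)
    print("outbound:", ext)
    print("inbound: ", nptv6_translate(ext, outside, inside))
```

Every internal host gets a fixed, computable external address, so inbound reachability is decided entirely by the firewall rules in front of it.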

[–] [email protected] 3 points 1 year ago* (last edited 1 year ago)

IPv6 has both NAT66 and NPTv6. (Note that NPTv6 was once called NAT66 too, but I am referring to the "stateful, one-to-many" NAT66 here. Yeah, it's confusing.) NAT66 is more like the traditional stateful NAT that all of us know and understand.

[–] [email protected] 3 points 1 year ago

IPv6 doesn't need NAT

[–] [email protected] 1 points 1 year ago (1 children)

The router does have a firewall but it blocks everything inbound by default. Some routers (at least mine) do not offer the granularity to filter traffic for certain devices (no NAT either). It's either allow all in or nothing.

When you enable IPv6 and switch off the firewall (since you can't host anything otherwise), every device becomes exposed to the internet.

Then unless the devices have a firewall themselves, all is exposed. Not just the web services, ssh and the rest as well.

[–] [email protected] 1 points 1 year ago

There was a way around it, however, but not something everyone will be able to do with their home router. I had to ssh to the router using ISP admin credentials leaked on the internet, then create a file in init.d that loads a custom iptables file with the firewall rules I needed for IPv6. NAT for IPv6, however, was not supported by the kernel used for my router.