Selfhosted
A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.
Rules:
-
Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.
-
No spam posting.
-
Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.
-
Don't duplicate the full text of your blog or github here. Just post the link for folks to click.
-
Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).
-
No trolling.
Resources:
- selfh.st Newsletter and index of selfhosted software and apps
- awesome-selfhosted software
- awesome-sysadmin resources
- Self-Hosted Podcast from Jupiter Broadcasting
Any issues on the community? Report it using the report flag.
Questions? DM the mods!
view the rest of the comments
Haha, no not really. IPv6 has the ability to provide public IP address for each device, but that doesn't mean it will have to. Other than number of possible addresses, nothing is different. Routing, firewalls, NATs, etc. All remains the same.
IPv6 doesn't support NAT... Or am I woefully out of date.
But your home router will just firewall like it does already but you don't have NAT as a simple fall back for "security". It does make running internal services much easier as you no long need to port forward. So you can run two webservers on port 80 and they be bother allowed inbound without doing horrible load balance or NAT translation.
IPv6 has NPTv6, which allows you to translate from one prefix into another.
Useful if you've got dual WAN, and can't advertise your own addressing via the ISP. You can use NPTv6 to translate between your local prefix and the public prefixes. But NPTv6 is completely stateless. It's literally a 1:1 mapping between the prefixes.
IPv6 has both NAT66 and NPTv6. (Note that NPTv6 was once called NAT66 too, but I am referring to the "stateful, one-to-many" NAT66 here. Yeah, it's confusing.) NAT66 is more like the traditional stateful NAT that all of us know and understand.
TIL. Thanks!
Ipv6 doesn't need NAT
The router does have a firewall but it blocks everything inbound by default. Some routers (at least mine) do not offer the granularity to filter traffic for certain devices (no NAT either). It's either allow all in or nothing.
When you enable IPv6 and switch off the firewall (since you can't host anything otherwise), every device becomes exposed to the internet.
Then unless the devices have a firewall themselves, all is exposed. Not just the web services, ssh and the rest as well.
There was a way around it however but not something everyone will be able to do with their home router. I had to ssh to the router using ISP admin credentials leaked on the internet, then create a file in init.d that loads a custom iptables file with the firewall rules I needed for IPv6. NAT for IPv6 however was not supported by the kennel used for my router.