• frezik@midwest.social
      link
      fedilink
      English
      arrow-up
      11
      arrow-down
      5
      ·
      1 year ago

      And we’re still stuck on IPv4. Going to IPv6 would do a lot more than 1Gbps connections would.

        • frezik@midwest.social
          link
          fedilink
          English
          arrow-up
          5
          ·
          1 year ago
          • Better routing performance
          • No longer designing protocols that jump through hoops to deal with lack of direct addressing
          • MeanEYE@lemmy.world
            link
            fedilink
            English
            arrow-up
            2
            arrow-down
            1
            ·
            1 year ago

            Sorry to be the one to mention, but NAT is here to stay. Even if IPv6 has enough address space for everything to have a public address it’s still good security measure to have local area network that has a firewalled exit node. Especially considering how IoT has become popular and just how little people care about security of same devices.

            • frezik@midwest.social
              link
              fedilink
              English
              arrow-up
              1
              ·
              1 year ago

              No, stop this. NAT is not a security measure. It was not designed as one, and does not help security at all.

                • frezik@midwest.social
                  link
                  fedilink
                  English
                  arrow-up
                  1
                  ·
                  1 year ago

                  Because hiding addresses does very little. A gateway firewall does not need NAT to protect devices behind it.

                  In fact, NAT tends to make things more complicated, and complication is the enemy of security. It’s one extra thing that firewalls have to account for. Firewalls behind NAT also don’t know where traffic is originally coming from, meaning they have one less tool at their disposal. This gets even worse with CGNAT, which sometimes has multiple levels of NAT.

                  Security is a very common objection to getting rid of NAT, and it’s wrong.

                  • onlinepersona@programming.dev
                    link
                    fedilink
                    English
                    arrow-up
                    2
                    ·
                    1 year ago

                    I’m curious and quite ignorant in networking, so excuse the questions.

                    How would the house devices communicate with each other?

                    In my home LAN behind a router and NAT, each device gets an internal IP thanks to DHCP. If I want to make my homeserver media server with DLNA available only internally, there’s nothing I have to do. Just start it up with 0.0.0.0 and it’ll be picked up (if I’m not mistaken by sending a multicast packet to the router). It’s then possible for any smart TV in my home to pick it up, and my phone or computer with VLC don’t need any configuration either.

                    And if I have a service that should be available to the world, port forwarding does it for me. Should a user want to torrent or use some P2P application, the router can also selectively enable UPnP to open ports for that user’s device. It’s not that complicated.

                    What is complicated that makes NAT worse for security? How would a gateway firewall improve it? Doesn’t it have to keep track of connections too in order to know what’s going on? For example just because a device (A) establishes a connection with an external one (B), doesn’t mean that another external device © is allowed to use that port to communicate with the the internal device (A).
                    What else besides address translation falls away if you remove NAT?

                  • MeanEYE@lemmy.world
                    link
                    fedilink
                    English
                    arrow-up
                    1
                    ·
                    1 year ago

                    I still consider it important part of the whole package. It’s not a be all end all solution but hiding your private network from outside world is a good first step. In situation you are describing DHCP would have to sit with ISP then, effectively giving them control over what you get to install at your home or limiting bandwidth of certain devices which is a huge issue. Of course you can do traffic shaping with NAT as well, but then whole connection has to be limited and not individual device. While NAT does complicate things a lot, and I mean a lot, it does provide a level of segregation and control which you can’t have otherwise.

                    So the choice boils down to either run Proxy/Gateway or NAT and latter is far easier for common user since routers come pre-configured. Or worst case scenario provide public IP to everything and mess around with gateway’s firewall to protect each individual device from outside.

          • lud@lemm.ee
            link
            fedilink
            English
            arrow-up
            1
            ·
            1 year ago
            • No longer designing protocols that jump through hoops to deal with lack of direct addressing

            Fucking CGNAT…