On 2023-04-29 02:19, Lew Wolfgang wrote:
On 4/28/23 13:29, Carlos E. R. wrote:
On 2023-04-28 20:28, Lew Wolfgang wrote:
On 4/28/23 09:57, Carlos E. R. wrote:
On Friday, 2023-04-28 at 09:39 -0700, Lew Wolfgang wrote:
On 4/28/23 09:01, Per Jessen wrote:
Lew Wolfgang wrote:
* avoid problems when the ipv4 pool is exhausted.
But that's why God invented NAT!
NAT is a royal PITA.
Hasn't been a PITA for me, or any of my users that I know of.
You are simply used to it.
Maybe. I haven't had to touch it in years.
Because you are not setting up new services or connections.
Sure, it's problematic if you want to run a server open to the public. But that's most likely problematic with your ISP's AUP anyway.
We accept it because there is, there wasn't, no alternative.
One alternative is to use your Linux box as your router. You could open up the appropriate ports in your host-based firewall, and NAT to your internal networks through additional Ethernet ports.
And NAT. Not direct. That's the issue.
Why do you want direct? What are you lacking now?
Because I can. Because that is what Internet was designed for. No intermediaries.
Granted, your situation might be different, but in my case I have one hot Ethernet port on my cable modem that I can connect either to my Zyxel router, or if I wanted, to my Linux desktop. I think I understand that you have a different situation? Do you have to authenticate to your ISP's router with PPPoE or something? You seemed very resistant to adding a stand-alone router behind your ISP's, but how is that different from adding your Linux desktop serving as a router?
No other router is needed with IPv6 done properly. The only thing needed is open a hole in the firewall of the router.
You at least need a firewall, yet you can't trust your ISP? So the Linux box can fulfill both the firewall and the router roles. It can also be a proxy for your internal hosts if needed.
There are always crap admins out there. Can't be helped.
Another alternative might be to have a second IPv4 address. I don't know about now, but extra were available from my ISP if I wanted to pay for them.
That's an issue. Compare with having a million of public IP addresses at your disposal.
I get more than enough addresses with a class C natted subnet.
Not directly addressable. That is not Internet.
For example, with IPv6 you can send email directly from your machine to somebody else direct, without any intermediate mail server collecting it.
I can send mail directly from my natted host. Granted, my ISP blocks outgoing port 25 to anywhere but its own SMTP servers, but that's a different issue.
That's not directly.
Sure it would be direct, if my ISP didn't block outgoing SMTP to any destinations other than its own. Most ISPs and corporate networks block outgoing port 25 to improve security and stop spam relaying. That has nothing to do with NAT.
No such blocking here, and still I can not mail my pals without using a mail server out there. Because of NAT.
You are sending email to your mail provider, same as me. We are talking of me sending an email direct from my machine to your machine, with no server in between.
Actually, I bypass my ISP's SMTP servers. I use a non-standard port to connect to my outside smart-relay host from my MUA. I don't run, and don't need to run, postfix or sendmail locally.
We are talking of not using an outside smart-relay host. Nothing outside, just your home machine and the destination machine at some other home. Pay attention.
Or phone them.
I can phone them using Signal. Video too. And it's encrypted.
And you are using outside servers to complete the connection. STUN and other things. Signal servers. I'm saying doing it direct, no other server intervening. No big brother storing your messages and passing a copy to the authorities.
I can connect to outside services directly, ssh, https, imaps. Further, Signal is TNO, which means no one except the destination can decrypt the content.
Again, we are talking direct home to home, room to room. Direct, no outsiders. Pay attention.
Just routers, switches and firewalls. Freedom.
Just routers, switches, and firewalls doing NAT. Freedom.
No, you don't have freedom with NAT involved. You need servers outside as intermediaries.
Or share files with them.
That can be accomplished with ssh port forwarding through your NAT router, correct?
That would be a hack, so complicated that nobody does it. With IPv6 you don't use NAT nor port forwarding. Direct. Freedom.
A one-line entry in my firewall's web configuration screen handles the port forwarding. Hardly complicated.
Still, you need that dirty hack. ... If you don't understand it, I give up. EOT.

-- 
Cheers / Saludos,

Carlos E. R.
(from 15.4 x86_64 at Telcontar)
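The disagreement above turns on one checkable fact: whether an address on your box is reachable from an arbitrary Internet host (a global IPv6 address) or only from inside the NAT (RFC 1918 IPv4, or a CGNAT address from 100.64.0.0/10, which many ISPs now hand out). The following script is an added example, not code from the thread or from either participant: it classifies addresses against the well-known non-global prefixes and runs that classification over the JSON output of `ip -j addr`. The `SAMPLE_IP_JSON` input is constructed for the example, and the IPv6 address in it is an arbitrary made-up global-looking prefix, not a real allocation.

```python
import ipaddress
import json

# Prefixes that are not reachable from arbitrary Internet hosts.
# Table constructed from RFC 1918, RFC 6598, RFC 4193, RFC 5737 and RFC 3849.
NON_GLOBAL = {
    "rfc1918 private": ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"],
    "cgnat shared (rfc6598)": ["100.64.0.0/10"],
    "loopback": ["127.0.0.0/8", "::1/128"],
    "link-local": ["169.254.0.0/16", "fe80::/10"],
    "ipv6 ula (rfc4193)": ["fc00::/7"],
    "documentation": ["192.0.2.0/24", "198.51.100.0/24",
                      "203.0.113.0/24", "2001:db8::/32"],
    "unspecified": ["0.0.0.0/8", "::/128"],
}

# Parse the prefix strings once instead of on every lookup.
_NON_GLOBAL_NETS = [
    (label, ipaddress.ip_network(p))
    for label, prefixes in NON_GLOBAL.items()
    for p in prefixes
]


def classify(addr_str):
    """Return the non-global class of an address, or "global" if no prefix matches.

    Uses an explicit prefix table rather than ipaddress.is_global, whose
    treatment of 100.64.0.0/10 has changed between Python releases.
    """
    addr = ipaddress.ip_address(addr_str.split("%")[0])  # drop any zone id
    for label, net in _NON_GLOBAL_NETS:
        if addr.version == net.version and addr in net:
            return label
    return "global"


def directly_addressable(addr_str):
    """True if a remote host could open a connection to this address without NAT help."""
    return classify(addr_str) == "global"


def classify_ip_json(ip_json_text):
    """Classify every address in `ip -j addr` output.

    Returns a list of (ifname, address, classification) tuples.
    """
    result = []
    for link in json.loads(ip_json_text):
        for a in link.get("addr_info", []):
            addr = a["local"].split("%")[0]
            result.append((link["ifname"], addr, classify(addr)))
    return result


def reachable_addresses(ip_json_text):
    """Only the addresses a peer on another home network could connect to directly."""
    return [addr for _, addr, c in classify_ip_json(ip_json_text) if c == "global"]


# Constructed sample in the shape of `ip -j addr show`; not captured from a real host.
# The 2a01:... address is an arbitrary made-up global-looking IPv6 address.
SAMPLE_IP_JSON = json.dumps([
    {"ifindex": 1, "ifname": "lo", "addr_info": [
        {"family": "inet", "local": "127.0.0.1", "prefixlen": 8, "scope": "host"},
        {"family": "inet6", "local": "::1", "prefixlen": 128, "scope": "host"},
    ]},
    {"ifindex": 2, "ifname": "eth0", "addr_info": [
        {"family": "inet", "local": "192.168.1.10", "prefixlen": 24, "scope": "global"},
        {"family": "inet6", "local": "2a01:e34:ec12:3456::10", "prefixlen": 64, "scope": "global"},
        {"family": "inet6", "local": "fe80::5054:ff:fe12:3456", "prefixlen": 64, "scope": "link"},
    ]},
])


if __name__ == "__main__":
    for ifname, addr, cls in classify_ip_json(SAMPLE_IP_JSON):
        print(f"{ifname:6} {addr:28} {cls}")
    print("directly addressable:", reachable_addresses(SAMPLE_IP_JSON))
```

On a real box, replace `SAMPLE_IP_JSON` with the output of `ip -j addr show`. Note the caveat the sample illustrates: the kernel reports `"scope": "global"` for the 192.168.1.10 address too, because scope only says the address is not link- or host-local; it says nothing about whether anyone outside the NAT can reach it. That is why the script classifies by prefix rather than trusting the scope field. A global address that passes this check can still be blocked by the router's firewall, so reachability also needs the inbound rule discussed in the thread.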