On 4/28/23 09:57, Carlos E. R. wrote:
On Friday, 2023-04-28 at 09:39 -0700, Lew Wolfgang wrote:
On 4/28/23 09:01, Per Jessen wrote:
Lew Wolfgang wrote:
* avoid problems when the ipv4 pool is exhausted.
But that's why God invented NAT!
NAT is a royal PITA.
Hasn't been a PITA for me, or any of my users that I know of. Sure, it's problematic if you want to run a server open to the public. But that's most likely problematic with your ISP's AUP anyway.
We accept it because there is, there wasn't, no alternative.
One alternative is to use your Linux box as your router. You could open up the appropriate ports in your host-based firewall, and NAT to your internal networks through additional Ethernet ports. Granted, your situation might be different, but in my case I have one hot Ethernet port on my cable modem that I can connect either to my Zyxel router, or if I wanted, to my Linux desktop.

I think I understand that you have a different situation? Do you have to authenticate to your ISP's router with PPPoE or something? You seemed very resistant to adding a stand-alone router behind your ISP's, but how is that different from adding your Linux desktop serving as a router?

Another alternative might be to have a second IPv4 address. I don't know about now, but extra were available from my ISP if I wanted to pay for them.
For example, with IPv6 you can send email directly from your machine to somebody else direct, without any intermediate mail server collecting it.
I can send mail directly from my natted host. Granted, my ISP blocks outgoing port 25 to anywhere but its own SMTP servers, but that's a different issue.
Or phone them.
I can phone them using Signal. Video too. And it's encrypted.
Or share files with them.
That can be accomplished with ssh port forwarding through your NAT router, correct?
You could send an email where the photos are direct links to your machine at home.
You want to run a web server at home? I used to do that with NAT port forwarding.
You can run a game server at home for your group of friends, without even using the game master's server for finding one another or obtain permission.
Yes, you could certainly do that.

Carlos, I know that there are use cases for being directly connected to the Internet, but the point that I was trying to make is that for most people IPv4 with NAT is perfectly acceptable. You brought up some edge cases, which is fine and accurate. But most people don't want to set up a game server at home, wouldn't you agree?

For me, a home natted network with Linux hosts, a networked printer, a WiFi hub supporting a raft of smartphones and IOT devices, is fine. My computers are on a separate network from the IOT devices, so they can generate all the mayhem they want and don't threaten my security.

Could you achieve the same thing with IPv6? Probably, but it requires an advanced degree to get it provably right. Then there's the case when you can get only one /64 address from your ISP. That was my situation when I gave up with it, it prevented me from setting up isolated IPv6 subnets, at least with my Zyxel router. As with most things, YMMV.

I think we've had enough of this thread, this isn't the OT list after all.

Regards,
Lew