| ▲ | system2 3 hours ago | |||||||
Bypassing the router to get to the device directly via IP sounds like insanity. Like a forever-open port. | ||||||||
| ▲ | GuB-42 2 hours ago | parent | next [-] | |||||||
You are not bypassing the router, the devices need to get their packets from somewhere, and it is only like a forever-open port if the router/firewall decides it is. My ISP router supports IPv6 but blocks all incoming connections by default, which is kind of like what NAT does as a side effect. It sounds like insanity because we tend to assume that no NAT means no firewall, because NAT has some firewall-like properties, and on the most basic networks, that's the only "firewall" there is. But none of the security features of "NAT as a firewall" are exclusive to IPv4, in fact, IPv6 has an advantage because the much larger address space makes a full scan practically impossible. | ||||||||
| ▲ | krupan 3 hours ago | parent | prev | next [-] | |||||||
It's a big privacy problem too. Basing your IP address on your Mac address doesn't help in that regard either. Times have changed a lot since IPv6 was invented. | ||||||||
| ||||||||
| ▲ | hdgvhicv 2 hours ago | parent | prev [-] | |||||||
Anti nat advocates seem to fall into the “the network shouldnt provide a stateful firewall” camp, because once you have a stateful firewall then nat is a trivial amount of extra bytes and very few issues with modern protocols (ones which don’t embed layer 3 addressing in layer 6/7 messages) | ||||||||
| ||||||||