lxgr 2 days ago

> nobody cares about NAT at home.

Only because most people don't know how NAT is hurting them, and because corporations have spent incredible resources on hacking around the problem for when peer to peer is required (essentially only for VoIP latency optimization and gaming).

NAT hurts peer to peer applications much more than cloud services, which are client-server by nature and as such indeed don't care that only outgoing connections are possible.

LegionMammal978 2 days ago

Even in a NAT-less world, the common advice is to use a firewall rule that disallows incoming connections by default. (And I'd certainly be worried if typical home routers were configured otherwise.) So either way, you'd need the average person to mess with their router configuration, if they want to allow incoming P2P connections without hole-punching tricks. At best, the lack of NAT might save you an address-discovery step.

lxgr 2 days ago

> the common advice is to use a firewall rule that disallows incoming connections by default.

That's good advice! But firewall hole punching is also significantly easier (and guaranteed to work) compared to NAT hole punching. Address discovery is part of it, but there are various ways to implement a NAT (some inherently un-hole-punch-able) and only really one sane way to do a firewall.

> you'd need the average person to mess with their router configuration,

At least with IPv6, that firewall is likely to exist in the CPE, which sophisticated users can then ideally open ports in (or which can implement UPnP/NAT-PMP or whatever the current name for the "open this port now!!" protocol of the decade is); for CG-NAT, it's often outright impossible.

kalleboo a day ago

Hole-punching tricks work fine. They don't work at all if both users are behind IPv4 NAT/CGNAT.

bombcar 2 days ago

UPnP has covered a huge percentage of use cases that actual users care about, and those who it doesn't cover are often able to do their own customization.

zadikian 2 days ago

UPnP should not exist. Any new router default disables it, as it should be.

lxgr a day ago

Care to elaborate? Non-sophisticated users don't deserve IP reachability?

zadikian a day ago

I used to have it enabled long ago. It's insecure. Random cheap devices will open up ports with UPnP without the user noticing. It doesn't work that well either, 'cause hosts will conflict on ports. P2P applications have better ways to establish connectivity.
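
An added example, not part of the thread and not any commenter's code: one way to audit the port mappings that devices have requested over UPnP, the concern raised in the last comment, and to see why two hosts collide on one external port. It parses `GetGenericPortMappingEntryResponse` bodies from the UPnP IGD `WANIPConnection` service; the responses are constructed samples carrying a subset of the real arguments, and the helper names and the approved-client list are assumptions.

```python
import xml.etree.ElementTree as ET

FIELDS = ("NewExternalPort", "NewProtocol", "NewInternalPort",
          "NewInternalClient", "NewPortMappingDescription", "NewLeaseDuration")

def soap_entry(*values):
    """Build a constructed GetGenericPortMappingEntryResponse body."""
    inner = "".join(f"<{f}>{v}</{f}>" for f, v in zip(FIELDS, values))
    return ('<u:GetGenericPortMappingEntryResponse '
            'xmlns:u="urn:schemas-upnp-org:service:WANIPConnection:1">'
            f"{inner}</u:GetGenericPortMappingEntryResponse>")

# Constructed sample: addresses, ports and descriptions are made up.
SAMPLE = [
    soap_entry(51413, "TCP", 51413, "192.168.1.20", "torrent client", 3600),
    soap_entry(8080, "TCP", 80, "192.168.1.57", "IPCAM", 0),
    soap_entry(23, "TCP", 23, "192.168.1.57", "IPCAM", 0),
]

def parse_entry(xml_text):
    """Return the response arguments as a dict keyed by element name."""
    return {child.tag: (child.text or "") for child in ET.fromstring(xml_text)}

def audit(entries, approved_clients):
    """List mappings held by unapproved hosts or that never expire."""
    findings = []
    for e in map(parse_entry, entries):
        reasons = []
        if e["NewInternalClient"] not in approved_clients:
            reasons.append("unapproved client")
        if int(e["NewLeaseDuration"]) == 0:  # 0 = static mapping in IGD v1
            reasons.append("no lease expiry")
        if reasons:
            findings.append((e["NewProtocol"], int(e["NewExternalPort"]),
                             e["NewInternalClient"], reasons))
    return findings

def would_conflict(entries, protocol, external_port, client):
    """True if a different host already holds this external port."""
    for e in map(parse_entry, entries):
        if (e["NewProtocol"], int(e["NewExternalPort"])) == (protocol, external_port):
            return e["NewInternalClient"] != client
    return False

if __name__ == "__main__":
    for finding in audit(SAMPLE, approved_clients={"192.168.1.20"}):
        print(finding)
    print(would_conflict(SAMPLE, "TCP", 51413, "192.168.1.30"))
```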