• frezik
    1 year ago

    IPv6 has DHCP, but it doesn’t work like that. You generally get a prefix and other details about the network, like the gateway address and DNS, and autoconfiguration based on the MAC address does the rest. It was first hoped that DHCP wouldn’t be needed at all for IPv6, but it turned out to be still useful. There are some more complications here, but suffice it to say that you shouldn’t try to take your knowledge of IPv4 and try to map it on top of IPv6. They’re separate beasts.

    A gateway can block incoming traffic to the whole internal network if you want. It doesn’t need NAT to do that.

    • MeanEYE@lemmy.world
      1 year ago

      I’ll have to look more into it then. However, I still consider hiding your private network to be a good thing, if for no other reason than privacy, even though traffic might be blocked. And I am aware that security through obscurity is not a good form of security; however, when added on top of other properly secure methods, it’s an addition, no matter how trivial. As for NAT, I do wish it went away, as I’ve had nothing but troubles with it. But it did play an important role with IPv4.

      • frezik
        1 year ago

        If privacy is what you want, then NAT is forcing a bunch of decisions that make things less private.

        Consider a VoIP service like Skype or Vonage. In a world without NAT, you can directly dial the device. It’s easy to encrypt it end to end. You can have several such devices on a single network. Just need to open the port(s) on the firewall to that device.

        In a world with NAT, end users would need to forward those ports. That alone might be reasonable for the average customer to do, but having more than one device behind the gateway becomes hairy.

        So what a lot of these companies did was build a datacenter that serves connections. Your VoIP device or software initiates a connection to that server from its side, so you don’t have to configure anything. Another device dialing you connects to that server, looks up your connection, and pipes through everything.

        Now it’s a bit harder to implement end to end encryption. You could still do it, but it’s more complicated, and that complication means it’s easier to get wrong. Out of either laziness or malice, maybe the company doesn’t bother. Now its datacenter becomes a central point for snooping on conversations. Oh, and the whole service is more expensive because the cost of this datacenter has to be paid off.

        NAT is not for security or privacy. It’s harming both. The benefit of obscuring addresses on your network is far outweighed by other problems.
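
An added example, not part of the thread: a stateful nftables ruleset for an IPv6 gateway that blocks unsolicited inbound traffic to the whole internal network without any NAT, and opens a single port to a single VoIP device as described above. The interface names `wan0` and `lan0`, the documentation prefix `2001:db8:1::/64`, the device address, and the use of SIP on UDP 5060 are assumptions for illustration.

```nftables
# Added example: stateful IPv6 forwarding filter, no address translation.
# Assumed names: "wan0" (upstream), "lan0" (internal network).
# 2001:db8:1::/64 is a documentation prefix standing in for the LAN prefix.
table ip6 gateway {
    chain forward {
        # Default-deny for everything routed through the gateway.
        type filter hook forward priority 0; policy drop;

        # Replies to connections that internal hosts opened themselves.
        ct state established,related accept
        ct state invalid drop

        # Internal hosts may open new connections outward.
        iifname "lan0" oifname "wan0" accept

        # ICMPv6 errors must get through: IPv6 routers do not fragment,
        # so path MTU discovery depends on packet-too-big messages.
        icmpv6 type { destination-unreachable, packet-too-big, time-exceeded, parameter-problem } accept

        # One hole for one device: a constructed VoIP host address,
        # SIP signalling on UDP 5060 (assumed protocol and port).
        iifname "wan0" ip6 daddr 2001:db8:1::50 udp dport 5060 accept

        # Any other new inbound connection falls through to policy drop.
    }
}
```

Loaded with `nft -f`, this gives the same "nothing unsolicited gets in" behaviour people attribute to NAT, while every internal host keeps its own globally routable address.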