895

submitted 2 days ago by qaz@lemmy.world to c/programmer_humor@programming.dev

166 comments fedilink hide all child comments

you are viewing a single comment's thread
view the rest of the comments

[-] DarkSideOfTheMoon@lemmy.world 16 points 1 day ago

Also for home network I don’t won’t my IOT to have a real IP to the Internet. Using IPv4 NAT you can have a bit of safety by obscurity

[-] pupbiru@aussie.zone 8 points 1 day ago

NAT is not much different to a firewall though… just because the address space is publicly routable does not mean that the router has to provide a route to it, or a consistent route

NAT works by assigning a public port for the outgoing stream different to the internal port, and it does that by inspecting packets as they go over the wire: a private machine initiates a connection, assign an arbitrary free port, and sends that packet off to the router, who then reassigns a new port, and when packets come in on that port it looks up the IP and remapped port and substitutes them

that same process can easily be true in IPv6 but you don’t need to do any remapping: the private machine initiates a connection, and the router simply marks that IP and port combination as “routable” rather than having to do mappings as well

[-] InnerScientist@lemmy.world 1 points 22 hours ago* (last edited 22 hours ago)

I don’t won’t my IOT to have a real IP to the Internet

Why not? What's the difference to them having a nat ipv4?

[-] StopSpazzing@lemmy.world 5 points 1 day ago

Its unlikely someone with guess your ipv6 of your iot.

[-] IphtashuFitz@lemmy.world 13 points 1 day ago

No, but it’s far easier to explain how to configure your home network such that 182.168.1.* is for your regular devices like laptops, etc. and 192.168.2.* is for your IoT devices. Then block all access from 192.168.2.* to the internet so your IoT devices can’t “phone home”, can’t auto-update without your knowledge, can’t end up as part of a botnet, etc.

[-] StopSpazzing@lemmy.world 8 points 1 day ago

That's the thing, you are still thinking in ipv4 terms, and that's ok. It's a different way to think of things using ipv6 and the proper way to configure them. No worries tho. Not like you are being forced to ipv6 for internal home networks.