by kalleboo 67 days ago
IPv4 came out in 1982 and was designed for every device to have a unique public address. Protocols like FTP were designed to literally pass an IP address to connect directly to.

As addresses started running out, the NAT RFC was published in 1994 and described NAT as a "short-term solution". NAT was never meant to be an integral part of IPv4. https://www.rfc-editor.org/rfc/rfc1631

NAT broke a ton of things which required more and more hacks piled on, making it more complex to build services on top of it (e.g., a server in the middle to proxy all the traffic needed between peers is a 100% requirement, with all the maintenance and scaling headaches that come with it).


So you actually agree with me, that making all addresses public was stupid to begin with. It was stupid on IPv4 and it remains stupid on IPv6, yet we already have experience from IPv4 that it was stupid.
> So you actually agree with me, that making all addresses public was stupid to begin with.

If an address is not public how can you start a connection from it, or end a connection at it? A web server needs a public address if you want to have people reach it. And you, at some point, also have to have a public address if you want to connect to public services: either on your end-host, at your CPE/router's WAN interface, or on an interface of your ISP's CG-NAT box.

But having a public address on your end-host also allows for much more functionality than if you were stuck behind CPE-NAT or CG-NAT. Now, you don't have to use this functionality—just like how I didn't when my printer got a publicly addressable (but not publicly reachable) IPv6 address—but it opens up various possibilities.

So having all devices on public addresses was stupid to begin with on IPv4 and it was arrogantly stupid on IPv6.
The fact that we are giving IP addresses a hierarchy is stupid. If you don't want outsiders to connect to your device use a firewall.
Or use NAT, which is actually a better solution, because misconfigured NAT won't expose your whole network, while misconfigured firewall will.
Well, actually it will. In fact, even correctly configured NAT won't stop connections into your network.

On top of that, it lulls you into a false sense of security, so you confidently think it's protecting you even when it isn't. At least not having NAT makes the actual state of your network clearer.

> So having all devices on public addresses was stupid to begin with on IPv4 and it was arrogantly stupid on IPv6.

"Yeah? Well, you know, that's just like uh, your opinion, man." — The Dude

Publicly addressable ≠ publicly reachable.

When I was with my last ISP which had IPv6, my printer had a public address, but the only people who could reach it were those on my home network.

With this logic, my printer being reachable on google.com, but only from my private network, does not turn my printer into Google.
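As an added illustration of the "publicly addressable, not publicly reachable" point and of the NAT-versus-firewall argument above (this is not from any commenter in the thread), here is a minimal stateful nftables ruleset for a home router with a globally routed IPv6 prefix. The interface names `wan0` and `lan0` and the LAN prefix `2001:db8:1234:1::/64` are placeholders (2001:db8::/32 is the documentation range); adapt them to the real box.

```nft
# Added example: stateful IPv6 filtering on a CPE/router without NAT.
# Assumed names: wan0 = upstream interface, lan0 = home network, whose
# hosts hold global addresses from the placeholder prefix 2001:db8:1234:1::/64.
table inet home_fw {
    chain forward {
        # Default policy drop: every packet the rules below do not accept
        # is discarded, so a forgotten rule fails closed, not open.
        type filter hook forward priority 0; policy drop;

        # Traffic belonging to a flow a LAN host already opened (and ICMPv6
        # errors tied to such a flow, e.g. packet-too-big) is allowed back in.
        ct state established,related accept

        # LAN hosts may open new connections toward the internet.
        iifname "lan0" oifname "wan0" ip6 saddr 2001:db8:1234:1::/64 accept

        # No rule accepts new connections from wan0 toward lan0, so the
        # printer's global address is routable but not reachable from outside.
        # Exposing a single host would need an explicit rule such as:
        #   iifname "wan0" ip6 daddr 2001:db8:1234:1::10 tcp dport 443 accept
    }

    chain input {
        # Same fail-closed default for traffic aimed at the router itself.
        type filter hook input priority 0; policy drop;

        ct state established,related accept
        iifname "lo" accept

        # IPv6 does not work without these ICMPv6 types: neighbour discovery,
        # router advertisements (SLAAC) and path-MTU/error signalling.
        icmpv6 type { nd-neighbor-solicit, nd-neighbor-advert,
                      nd-router-solicit, nd-router-advert,
                      packet-too-big, destination-unreachable,
                      time-exceeded, parameter-problem, echo-request } accept

        # Router administration only from the LAN side.
        iifname "lan0" tcp dport 22 accept
    }
}
```

Load it with `nft -f` and inspect the result with `nft list ruleset`. The relevant design choice is the `policy drop` on both chains: the protection comes from the stateful `ct state` rule plus a deny-by-default policy, not from address translation, and a missing rule leaves the network closed rather than open. A quick check from outside the prefix (a connection attempt to the printer's global address timing out while the same attempt from `lan0` succeeds) confirms the addressable/reachable distinction the thread is about.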