by dec0dedab0de 4613 days ago
If we want proper peer-to-peer communications to be possible, we need to avoid, where possible, the need for a routable middle-man to help out.

That is the very reason many people are nervous about the switch. Right now NAT/PAT give home users reasonable security without the need for a firewall. The obvious solution is just to make cheap firewalls that can route properly, and default to blocking all incoming traffic. However, that brings up the same concern of needing some way to dynamically poke a hole through the firewall. Which brings us to UPnP, and I for one do not trust that at all, but maybe that's my tinfoil hat.

I totally agree that we need to move forward with IPv6 though.

1 comments

Just because your router supports IPv6 doesn't mean it should open connections from the outside world. I'd expect all home routers to continue to default to "only outwards connections allowed" and let you specify open ports as you need them - exactly as they do now.

This is getting close to my point. If: 1) outbound only is going to be the default, and 2) most services already need 'man in the middle' (directly service at least) and 3) IPv6 is going to need to NAT to get to the legacy IPv4 addresses anyway

What advantage is IPv6 for most of my devices giving me?

IPv6 doesn't NAT to get to IPv4 addresses - you'll need to run both in parallel to get to IPv4 addresses, until everyone is switched over.

And the advantage is that when you _do_ want to go direct you aren't stuck with being behind NAT on your router and then another NAT at your ISP, and then possibly another NAT level, and then the same in reverse at the other end, so that it's possible at all.

And sure, it might not give _you_ anything you particularly care about. But when you find that you can't do something, because there are several layers of indirection between you and someone else, and now you need to run your own server in order to hook two machines to each other over the internet, then you'll wish IPv6 was available.

For the cases where you do want to allow inbound connections, enabling them becomes simple and reliable