Idk man, NAT makes a lot of sense once you get used to it. And it's pretty cozy with its firewall features. And somewhat human readable ipv4 addresses are nice.

[–] Laser@feddit.org 1 points 6 days ago (5 children)

Idk man, NAT makes a lot of sense once you get used to it.

That's a lie, NAT is bullshit, sometimes necessary, but it will never "make sense".

[–] slate@sh.itjust.works 6 points 6 days ago (4 children)

I like that none of my local devices are externally addressable unless an outgoing connection has been established. You can (and should) achieve the same thing with ipv6, but then it's essentially just maintaining a NAT table without the translation piece. I think that makes sense in both protocols.

[–] r00ty@kbin.life 7 points 6 days ago

With IPv6 for most use cases there's actually more security. With privacy extensions (pretty sure it's enabled on windows by default), when you make connections from your device, it uses a "private" IP. That is a randomly chosen address inside your network's prefix, that changes regularly.

These addresses don't accept incoming connections. You have a main address that doesn't really change that you accept connections on. Firewall that for ports you want to allow and then hackers need to port scan 2^64 or 2^80 address space to find your real IPs in your prefix. If they capture your IP from a connection to a web server etc, they won't have luck scanning you.

Again as per my post above, the biggest risk right now is bad default configurations on many home routers.

load more comments (3 replies)

load more comments (9 replies)