Jump to content
RESET Forums (homeservershow.com)
schoondoggy

Home Network IP Address Scheme Best Practice

Recommended Posts

jmwills

So you want to expose your internal network directly to the internet? Go ahead.

Share this post


Link to post
Share on other sites
nrf

this seems like a blunt statement. aren't there still firewall protections provided by the 'router' component?

Share this post


Link to post
Share on other sites
mnbf9rca

this seems like a blunt statement. aren't there still firewall protections provided by the 'router' component?

 

indeed - just because it's routable doesnt mean all traffic can pass. The router is still acting as a firewall to allow in only traffic relating to existing sessions, or traffic i specifically allow (like to specific ports on servers etc.)

Share this post


Link to post
Share on other sites
jmwills

But you're still only getting one external IP address from the ISP, unless you are running a business class model.  I know of NO ONE running IPv6 on their internal networks and I work for one of those three letter agencies.

Share this post


Link to post
Share on other sites
GotNoTime

But you're still only getting one external IP address from the ISP, unless you are running a business class model.

Which is why IPv6 gives you so much more flexibility. You avoid NAT which causes a lot of unnecessary complication and breakage. You don't need to setup static port forwarding rules. You don't need to deal with the security hole that is UPnP. You're able to have multiple servers using the standard defined ports.

 

I know of NO ONE running IPv6 on their internal networks and I work for one of those three letter agencies.

Comcast 100% completed their roll out of dual stack IPv4 + IPv6 last year. The large ISPs in the UK are rolling out IPv6 as well now. Smaller nice ISPs have already had IPv6 for years now.

Share this post


Link to post
Share on other sites
Trig0r

I know of NO ONE running IPv6 on their internal networks and I work for one of those three letter agencies.

 

Well thats just a challenge now isnt it lol...

 

IRS...?

Share this post


Link to post
Share on other sites
jmwills

Sorry.  Cannot divulge that.

Share this post


Link to post
Share on other sites
Trig0r

lol, tell us you work for a 3 letter agency but then not which one, I've figured it out, given you tell us you work for one clearly isn't what someone that worked for one would do, so, it UPS isn't it.....

 

 

Sent from my iPad using Tapatalk

Share this post


Link to post
Share on other sites
nrf

3 letter agencies aside, my ISP gives a ipv4 ip address, a 128 bit ipv6 address,  plus a 64-bit ipv6 delegated prefix (range) which is distributed among the lan members. maybe sophos is considered a "business class model" but this seems like a very conventional ipv6 scenario

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now



×
×
  • Create New...