Jump to content
RESET Forums (homeservershow.com)
schoondoggy

Home Network IP Address Scheme Best Practice

By schoondoggy, in Networking

Recommended Posts

jmwills    284

jmwills
Posted

So you want to expose your internal network directly to the internet? Go ahead.

Share this post

Link to post
Share on other sites

nrf    132

nrf
Posted

this seems like a blunt statement. aren't there still firewall protections provided by the 'router' component?

Share this post

Link to post
Share on other sites

mnbf9rca    2

mnbf9rca
Posted

this seems like a blunt statement. aren't there still firewall protections provided by the 'router' component?

 

indeed - just because it's routable doesnt mean all traffic can pass. The router is still acting as a firewall to allow in only traffic relating to existing sessions, or traffic i specifically allow (like to specific ports on servers etc.)

Share this post

Link to post
Share on other sites

jmwills    284

jmwills
Posted

But you're still only getting one external IP address from the ISP, unless you are running a business class model.  I know of NO ONE running IPv6 on their internal networks and I work for one of those three letter agencies.

Share this post

Link to post
Share on other sites

GotNoTime    219

GotNoTime
Posted

But you're still only getting one external IP address from the ISP, unless you are running a business class model.

Which is why IPv6 gives you so much more flexibility. You avoid NAT which causes a lot of unnecessary complication and breakage. You don't need to setup static port forwarding rules. You don't need to deal with the security hole that is UPnP. You're able to have multiple servers using the standard defined ports.

 

I know of NO ONE running IPv6 on their internal networks and I work for one of those three letter agencies.

Comcast 100% completed their roll out of dual stack IPv4 + IPv6 last year. The large ISPs in the UK are rolling out IPv6 as well now. Smaller nice ISPs have already had IPv6 for years now.

Share this post

Link to post
Share on other sites

Trig0r    207

Trig0r
Posted

I know of NO ONE running IPv6 on their internal networks and I work for one of those three letter agencies.

 

Well thats just a challenge now isnt it lol...

 

IRS...?

Share this post

Link to post
Share on other sites

jmwills    284

jmwills
Posted

Sorry.  Cannot divulge that.

Share this post

Link to post
Share on other sites

Trig0r    207

Trig0r
Posted

lol, tell us you work for a 3 letter agency but then not which one, I've figured it out, given you tell us you work for one clearly isn't what someone that worked for one would do, so, it UPS isn't it.....

 

 

Sent from my iPad using Tapatalk

Share this post

Link to post
Share on other sites

nrf    132

nrf
Posted

3 letter agencies aside, my ISP gives a ipv4 ip address, a 128 bit ipv6 address,  plus a 64-bit ipv6 delegated prefix (range) which is distributed among the lan members. maybe sophos is considered a "business class model" but this seems like a very conventional ipv6 scenario

Share this post

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Go To Topic Listing


×
×
  • Create New...