Comment by israrkhan

5 days ago

NAT is the reason for IPv6 not taking over.

Also it acts as a nice security perimeter. If all IoT devices in a home were exposed to the internet, it would be an absolute mess.

Setting up a firewall with an IPv6 deny inbound policy takes about 30 seconds. How is this an absolute mess?

NAT doesn't act as a security perimeter, and not having NAT doesn't mean that your devices are exposed to the Internet.

NAT is about dealing with address space shortages, not security.

  • This gaslighting keeps being repeated, but the fact of the matter is that any consumer/home network will be exposed to the internet if they're using SOHO equipment via IPv6 and won't be via IPv4.

    And a huge % of SOHO routers won't even allow configuring an IPv6 firewall, which makes security a disaster.

    • > any consumer/home network will be exposed to the internet if they're using SOHO equipment via IPv6 and won't be via IPv4.

      Only if the ISP does no egress filtering. Most mobile carriers I’ve used deny inbound connections.


    • It keeps getting repeated precisely because it isn't gaslighting. And yet we still see people claiming that NAT is security.

      The only reason those networks aren't exposed to the whole Internet on v4 is because they're using RFC1918, not because of NAT -- but that still leaves them exposed to some outside networks, so routers come with firewalls, which act as an actual security boundary.

      And they won't be exposed on v6, because those exact same firewalls work their magic on v6 too.

      NAT doesn't provide and isn't needed for security. Its main security contribution is to confuse people about how secure their network is.

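The "IPv6 deny inbound policy" the thread refers to, written out as an added example that is not from any commenter: a stateful nftables ruleset for a Linux-based home router, where the filtering is done by connection state and no address translation is involved. The interface names `wan0` and `lan0` and the table name `home_fw` are assumptions.

```nftables
#!/usr/sbin/nft -f
# Constructed example. "wan0" (ISP side) and "lan0" (home side) are assumed
# interface names; "home_fw" is an arbitrary table name.

table ip6 home_fw {
    # Traffic routed THROUGH the router to or from LAN hosts.
    chain forward {
        type filter hook forward priority filter; policy drop;

        # Replies to flows a LAN host opened, plus ICMPv6 errors tied to
        # those flows (conntrack classifies e.g. packet-too-big as related).
        ct state established,related accept
        ct state invalid drop

        # LAN hosts may open new connections outward.
        iifname "lan0" oifname "wan0" accept

        # Nothing else matches, so unsolicited inbound connections to the
        # globally routable LAN addresses hit the drop policy.
    }

    # Traffic addressed TO the router itself.
    chain input {
        type filter hook input priority filter; policy drop;

        iifname "lo" accept
        ct state established,related accept
        ct state invalid drop

        # Neighbor discovery and router discovery; IPv6 does not work
        # on a link without these.
        icmpv6 type { nd-neighbor-solicit, nd-neighbor-advert,
                      nd-router-solicit, nd-router-advert } accept

        # DHCPv6 replies from the ISP (server port 547 to client port 546),
        # used for prefix delegation.
        iifname "wan0" udp sport 547 udp dport 546 accept

        # Management and local services are reachable from the LAN only.
        iifname "lan0" accept
    }
}
```

Loading the file with `nft -f` installs both chains. The `forward` chain applies the same established/related logic that protects hosts behind an IPv4 router, only here the LAN hosts keep their global addresses.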