Re: address and port translation (NAT) no longer required in IPv6 -- but...
On Tue, Dec 27, 2011 at 10:59 AM, <keitho@strucktower.com> wrote:
> OK I'm a novice, but it seems from my perspective that having adequate
> addresses is only the tech part of the issue. Verizon and other large
> ISP's don't want home owners to create servers accessible from outside
> their homes. If they find out you are doing so they will insist on
> charging you the _much_ higher "business" rate. Isn't that why they block
> and/or watch standard ports?
It certainly is why my last three ISPs did so. No ports 80 or 25 inbound.
Now considering the abuses that certain commercial OSs have
demonstrated for having open ports and default services, these
restrictions can be excused as an effort at "security". But the fact
is that "upstream" is far more expensive than "downstream" in most
broadband networks, and so the increased price of business service is
rationalized.
>> (Sigh!) ;-\ Now if somebody would just manufacture and sell an
>> inexpensive IPv6-capable SOHO router... /-; (sigh!)
I'm using the D-Link 615, which is (almost) fully IPv6 capable,
provides multiple tunneling options, will allow native IPv6 if Comcast
ever decides to roll it out in my area (and I buy a DOCSIS3 modem),
etc.
The problem is that the 615 provides NO firewall or filtering for IPv6
at all. Having the firewall on the systems themselves is mandatory.
NAT has provided an accidental stateful firewall for the masses that
doesn't exist by default in non-NAT situations. If I Ran The World,
all SOHO routers would have a stateful firewall enabled by default, be
it IPv6 or IPv4, NAT or not.
But then, I don't run the world. :^)
Curt-
Reply to: