
Re: Does IPv6 preclude use of a NAT gateway?



Randy Kramer writes:
> The other feature I get from my NAT gateway (as I mention in other
> posts) is the ability to run multiple computers on one IP address from
> my ISP, and without the ISP (easily, at least) knowing how many
> computers I'm running.

> Can I get the same ability with the approach you mention?

You get that for free with IPv6.  An IPv6 interface can have multiple
IPs.  Microsoft makes use of that feature to randomize source IPs for
privacy by default on Windows 7, and Linux can do it as well.  This
means that your ISP cannot tell if you have one machine using 2^64
addresses or 2^64 machines[1].  Apache can use a single static IP that
is in the DNS, BitTorrent can use an unpublished static IP, and your
browser can use a different random IP for each connection, all from one
(or several) machines.  For communication among your machines and/or
peripherals you will use site or link local addresses which cannot
propagate over the Net.

Of course, everyone you connect to will know your prefix, but that is no
different than them knowing your public IPv4 IP.  The difference is that
they can easily probe all the ports on your NAT gateway.  They cannot
scan all 2^64 of your addresses (and you will have a firewall on your
router).



[1] If your ISP gives you a /48, as he should, you will have 2^16 subnets
each with 2^64 addresses.

-- 
John Hasler
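
The address arithmetic behind the reply above, as an added example that is not part of the original post: it splits a delegated /48 into /64 subnets, picks source addresses with random interface identifiers, estimates how long a full sweep of one /64 would take, and checks which addresses stay on the local link. The prefix is a constructed sample from the IPv6 documentation range, the 1,000,000 probes per second rate is an assumption, and the random identifier is a simplified stand-in for the operating system's privacy-address mechanism.

```python
import ipaddress
import secrets

# Constructed sample: a /48 from the IPv6 documentation range (RFC 3849).
DELEGATED = ipaddress.IPv6Network("2001:db8:1234::/48")

def subnet_count(prefix, new_len=64):
    """Number of /64 subnets inside a delegated prefix."""
    return 2 ** (new_len - prefix.prefixlen)

def nth_subnet(prefix, n, new_len=64):
    """The n-th /64 inside the delegated prefix, without enumerating them all."""
    if not 0 <= n < subnet_count(prefix, new_len):
        raise ValueError("subnet index out of range")
    base = int(prefix.network_address) + (n << (128 - new_len))
    return ipaddress.IPv6Network((base, new_len))

def random_address(subnet):
    """Address with a random 64-bit interface identifier (simplified
    stand-in for privacy addressing, not the exact RFC 8981 procedure)."""
    if subnet.prefixlen != 64:
        raise ValueError("expected a /64")
    return ipaddress.IPv6Address(int(subnet.network_address) | secrets.randbits(64))

def sweep_years(subnet, probes_per_second):
    """Years needed to probe every address in the subnet once."""
    return subnet.num_addresses / probes_per_second / (365 * 24 * 3600)

def leaves_the_link(addr):
    """False for link-local and (deprecated) site-local addresses."""
    a = ipaddress.IPv6Address(addr)
    return not (a.is_link_local or a.is_site_local)

if __name__ == "__main__":
    lan = nth_subnet(DELEGATED, 1)
    print(subnet_count(DELEGATED), "subnets; using", lan)
    for _ in range(3):
        print("  source address:", random_address(lan))
    # Assumed probe rate of 1,000,000 per second.
    print("full sweep at 1M probes/s: %.0f years" % sweep_years(lan, 1_000_000))
    print("fe80::1 leaves the link:", leaves_the_link("fe80::1"))
```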

