Comment on CGNAT blocking external access to NAS. Looking to address this plus more.
stown@lemmy.world 1 year agoNAT certainly exists in IPV6, I use it on my home network for my nginx proxy VM. I cannot, for the life of me, figure out how to change the IP on the host so I do NAT on my router. 🤷♂️
thelittleblackbird@lemmy.world 1 year ago
This is not the Nat functionality as people associated with ipv4, and certainly it is not showing the drawback of allowing the communication only when the NATed client started the communication.
Even if they are alike they are not the same.
I reaffirm myself here. It is possible to have full ipv6 communication and providers do not have cgnats. It is your easiest and most uncomplicated solution with almost nothing to install to make it work.
And in addition, I have to say that I don’t see any benefit in using such functionality at home. If someone can illustrate me a use case I would be thankful
stown@lemmy.world 1 year ago
I use NAT on IPv6 so that I control which IP address is exposed. I’ve got /60 and all of my home devices are assigned unique IPs. What I like to do is set up a V6 address that uses the same numbers as my static V4 address and NAT that to my NGINX box, basically using the router assigned V6 as a “local” address.
thelittleblackbird@lemmy.world 1 year ago
Take wiht a bit (or a lot) of salt what I am gonna say. Because undoubtedly I am. Missing something here.
But if what you a already say is true probably you are not restricting anything. The recommended way to do so is with a firewall rule (probably in your router).
You are extending the subnet definition beyond the 16 bits. This can create problems and I doubt that your router will block anything if something crafted is received from Internet.
But of course, being the extremely big address space your are probably safe.
I any case, with a firewall rule in your router allowing only the proxy to go receive connections, you should be good and more standard conform
stown@lemmy.world 1 year ago
I already do use firewall rules, this is just an extra step I take to segment things which also serves to make it a bit easier for me to remember certain addresses. It is entirely unnecessary, but I like it this way.