In addition to what the other commented said, a lot of sys and net admins really don’t like the idea of every lan device being globally addressable, while there’s ways around it, a standard ipv4 Nat is a safety blanket to a lot of admins… Not that it should be like that, just my observation.
They need to stop that nonsense. NAT is not for security, and was not designed for security purposes. In fact, there are a few ways it subverts security, such as SNI in TLS making the connection less private than it could be.
If they want to block external connections, a border firewall can do the job just fine without NAT. It’s arguably better, because it doesn’t have to take NAT into account for any of its rules.
a border firewall can do the job just fine without NAT
How do you anonymize ip addresses without effectively recreating nat using firewall rules?
Mu. Why do you feel the need to anonymize IP addresses?
There is no way to personally identify anyone. Right now advertisers have to jump through hoops of cookies and browser fingerprinting to identify you- which can be blocked.
abhibeckert@lemmy.world 9 months ago
Those admins don’t know what they’re talking about. IPv6 has a region of the address space that can only be reached locally - similar to the 192.168.x.x space in IPv4.
Fungah@lemmy.world 9 months ago
Honestly my biggest issue with ipv6, aside from not understanding it, which I don’t, at all, I’ve realized while setting up my own opnsense firewall, is that they decided on FUVKING COLONS. AND LETTERS. Okay, cool, hexadecimal exists, that’s swell, but typing them is such a fucking pain in the ass.
There’s no way to put your fingers on a keyboard to make it feel natural.
frezik@midwest.social 9 months ago
Nothing the mechanical keyboard community can’t solve.
ipv6buddy.com
nightwatch_admin@feddit.nl 9 months ago
While I agree that it is godawful to type and worse to read, let alone remember, you wouldn’t want these addresses in full decimal notation…