If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below. |
|
|
Thread Tools | Rate Thread | Display Modes |
Ads |
#47
|
|||
|
|||
DHCP for DNS or "hard-wired"?
On Sun, 25 Jun 2017 14:19:19 +1000, Lucifer Morningstar
wrote: It says the author is one of these people who thinks he wants everything that is new without realising that IPv6 is not used on LANs. All the problems he encountered would have been solved when he went back to IPv4 for his LAN. Why create problems unnecessarily? The ISP only ever need provide one address whether it be IPv4 or IPv6. Paul With IPv4, the ISP provides one address as you said. Things like NAT/Port numbers must be used to handle multiple devices. With IPv6, the ISP is providing one RANGE of addresses. Your router can provide individual addresses from within that range. Why create problems unnecessarily? Because, eventually, everything will be IPv6 only and every device will have its own address. |
#48
|
|||
|
|||
DHCP for DNS or "hard-wired"?
On Sun, 25 Jun 2017 06:25:06 -0400, Pat wrote:
On Sun, 25 Jun 2017 14:19:19 +1000, Lucifer Morningstar wrote: It says the author is one of these people who thinks he wants everything that is new without realising that IPv6 is not used on LANs. All the problems he encountered would have been solved when he went back to IPv4 for his LAN. Why create problems unnecessarily? The ISP only ever need provide one address whether it be IPv4 or IPv6. Paul With IPv4, the ISP provides one address as you said. Things like NAT/Port numbers must be used to handle multiple devices. With IPv6, the ISP is providing one RANGE of addresses. The ISP is provided with a range of IPs to use for it's customers. It is not going to waste IPs by giving blocks to each customer when only one is needed and only one can be used on the WAN side. Your router can provide individual addresses from within that range. Not true. Why create problems unnecessarily? Because, eventually, everything will be IPv6 only and every device will have its own address. Every device already has it's own address. Your method provides an open door to hackers. Hackers can get direct access to your printer and feed all the paper out or launch a ping attack on your printer and make it unusable. I hope you do not work for any government departments. You could be arrested for encouraging hackers. |
#49
|
|||
|
|||
DHCP for DNS or "hard-wired"?
On Sun, 25 Jun 2017 22:31:46 +1000, Lucifer Morningstar
wrote: On Sun, 25 Jun 2017 06:25:06 -0400, Pat wrote: On Sun, 25 Jun 2017 14:19:19 +1000, Lucifer Morningstar wrote: It says the author is one of these people who thinks he wants everything that is new without realising that IPv6 is not used on LANs. All the problems he encountered would have been solved when he went back to IPv4 for his LAN. Why create problems unnecessarily? The ISP only ever need provide one address whether it be IPv4 or IPv6. Paul With IPv4, the ISP provides one address as you said. Things like NAT/Port numbers must be used to handle multiple devices. With IPv6, the ISP is providing one RANGE of addresses. The ISP is provided with a range of IPs to use for it's customers. It is not going to waste IPs by giving blocks to each customer when only one is needed and only one can be used on the WAN side. Your router can provide individual addresses from within that range. Not true. Why create problems unnecessarily? Because, eventually, everything will be IPv6 only and every device will have its own address. Every device already has it's own address. Your method provides an open door to hackers. Hackers can get direct access to your printer and feed all the paper out or launch a ping attack on your printer and make it unusable. I hope you do not work for any government departments. You could be arrested for encouraging hackers. I give up. Just because you don't understand how devices like printers are protected doesn't mean they are vulnerable. |
#50
|
|||
|
|||
DHCP for DNS or "hard-wired"?
Lucifer Morningstar wrote:
The ISP is provided with a range of IPs to use for it's customers. It is not going to waste IPs by giving blocks to each customer when only one is needed true, most will only allocate a single address per customer, and that may not be fixed unless it's requsted. and only one can be used on the WAN side. It's certainly possible to have more than one address on the WAN side, for example I have 8 addresses. |
#51
|
|||
|
|||
DHCP for DNS or "hard-wired"?
Lucifer Morningstar wrote:
On Sun, 25 Jun 2017 05:43:17 -0000 (UTC), lifewoutmilk wrote: Lucifer Morningstar wrote: On Sun, 25 Jun 2017 01:18:07 -0000 (UTC), lifewoutmilk wrote: Dave Doe wrote: In article , , lifewoutmilk says... Lucifer Morningstar wrote: On Sat, 24 Jun 2017 13:49:09 +0100, "NY" wrote: "lifewoutmilk" wrote in message news NY wrote: Your typical subnet assigned by an ISP is going to be 2^64 addresses. There's no conceivable way that you're going to run out of addresses on your home network. Agreed. I think I can safely say that you will *never* use up 2^64 different addresses! Also, with so many addresses available in a single subnet, there's no need for NAT given a decent firewall. NAT is always needed to translate from the WAN IP to the various LAN IPs. I think you're implying here that all LANs need NAT, which is not correct. You do realize that it's possible to have a LAN where each device has a public IP address right? The only reason NAT use is so pervasive is it avoids the requirement that all devices have a publicly routable IPv4 address (because it is a scarce resource) and it incidently acts as a sort of firewall (not exactly but close enough). In my home network which is dual-stack IPv4 and IPv6, NAT is only used for IPv4. There is absolutely no NAT happening for IPv6 traffic. Did you turn it off? Just wondering. I have done that on my modem, I turned off IPV6 because I dislike my PC's on the network getting those ackward to deal with IPV6 addresses. https://1drv.ms/i/s!AjwgsYmRt63ph_FZqu4qDk4imZ2x4A https://1drv.ms/i/s!AjwgsYmRt63ph_FaszBR0fLjR-bphg No, I went out of my way to ensure that IPv6 is a first-class protocol on my home network. In fact, for the last week, approximately 23% of the traffic on this network has been over IPv6. http://i.imgur.com/16KAqBt.png You must have got bored with your network not being broken. Now at least you have something to complain about. If it aint broke make it so, right? Not broke at all. Regardless of what your feelings are about IPv6, I'm pretty sure it's going to be around for a long time. The outside world needs IPv6 but not the LAN. Why are most optical drives still using IDE? I'm sorry, what year do you think it is? |
#52
|
|||
|
|||
DHCP for DNS or "hard-wired"?
Lucifer Morningstar wrote:
On Sun, 25 Jun 2017 05:49:24 -0000 (UTC), lifewoutmilk wrote: Lucifer Morningstar wrote: On Sun, 25 Jun 2017 01:31:53 -0000 (UTC), lifewoutmilk wrote: Dave Doe wrote: In article , , lifewoutmilk says... NY wrote: "lifewoutmilk" wrote in message news NY wrote: Your typical subnet assigned by an ISP is going to be 2^64 addresses. There's no conceivable way that you're going to run out of addresses on your home network. Agreed. I think I can safely say that you will *never* use up 2^64 different addresses! Also, with so many addresses available in a single subnet, there's no need for NAT given a decent firewall. The problem is that (if I understand correctly) the "decent firewall" has to exist on every device that is connected, otherwise that device is vulnerable. You could have a good secure firewall on all your Windows No, all traffic is still filtered by my firewall even if it is IPv6 traffic. Just because my desktop has a publicly routable IPv6 address doesn't mean that devices on the Internet have unfiltered access to it. My router/firewall still determines what packets reach my desktop and what packets reaches the Internet from my desktop. As someone else mentioned, NAT is not a security solution. It just so happens to "filter" out public access to devices on the LAN. The firewall aspect of your router is in *addition* to that NAT function. computers, but you might also have a security camera on your network which has no firewall. With IPv4 and NAT, the NAT and the firewall built into the router provide a first line of defence which is missing if you go for IPv6 and no NAT - you are then devolving the problem to every device separately rather than centralising it. No. You've misunderstood. Publicly routable does not imply unfiltered. Short of firewall settings on the modem, it surely most certainly is ??? My point is that just because an IP is publicly *routable*, does not mean that access to that publicly routable address is guaranteed to be unfiltered by a firewall. It simply means that NAT is not required. A NAT is still required to translate the single address provided by your ISP to the multiple addresses on your network. If I gave you my desktops IPv6 address, you would be able to ping my desktop because IPv6 ICMP echo requests and IPv6 ICMP echo responses are unfiltered on my firewall. (Required by RFC 4890 section 4.3.1 along with several other ICMP types.) Blocked by some to avoid ping attacks. However, even though you can ping my desktop from the Internet, you would not be able to connect to the Plex media server that is running on it because that traffic is filtered (along with most other inbound traffice) by the firewall. And because the ISP will not know to send multiple IPs to you. NAT is still needed. Let me assure you, I have written the firewall rules myself. There is no NAT for IPv6 here. The only rule for NAT is for IPv4. You haven't understood much of what I've written. That's okay. Many people don't understand how networks and IP addressing work. It's not required knowledge to use the Internet. I'm not an expert You have made that abundantly clear. but I do have a small local network over two buildings with a mixture of gigabit Ethernet and Wi-Fi and OSX/OSX server/Windows XP/10/Server 2003/Solaris 10 on SPARC and Solaris 11 X64. Windows XP and Server 2003? Both are EOL by Microsoft and yet you're claiming that we're opening our systems up for hackers? You are far more up to date but I still see IDE used with optical disk drives because optical drives do not benefit from the higher speed of SATA. What exactly does IDE have to do with any of this? Nothing. I'm sorry that your stuck working with ancient hardware and software. |
#53
|
|||
|
|||
DHCP for DNS or "hard-wired"?
On Sun, 25 Jun 2017 09:40:08 -0400, Pat wrote:
On Sun, 25 Jun 2017 22:31:46 +1000, Lucifer Morningstar wrote: On Sun, 25 Jun 2017 06:25:06 -0400, Pat wrote: On Sun, 25 Jun 2017 14:19:19 +1000, Lucifer Morningstar wrote: It says the author is one of these people who thinks he wants everything that is new without realising that IPv6 is not used on LANs. All the problems he encountered would have been solved when he went back to IPv4 for his LAN. Why create problems unnecessarily? The ISP only ever need provide one address whether it be IPv4 or IPv6. Paul With IPv4, the ISP provides one address as you said. Things like NAT/Port numbers must be used to handle multiple devices. With IPv6, the ISP is providing one RANGE of addresses. The ISP is provided with a range of IPs to use for it's customers. It is not going to waste IPs by giving blocks to each customer when only one is needed and only one can be used on the WAN side. Your router can provide individual addresses from within that range. Not true. Why create problems unnecessarily? Because, eventually, everything will be IPv6 only and every device will have its own address. Every device already has it's own address. Your method provides an open door to hackers. Hackers can get direct access to your printer and feed all the paper out or launch a ping attack on your printer and make it unusable. I hope you do not work for any government departments. You could be arrested for encouraging hackers. I give up. Just because you don't understand how devices like printers are protected doesn't mean they are vulnerable. DOS attacks on printers have happened. You are making it easier. |
#54
|
|||
|
|||
DHCP for DNS or "hard-wired"?
Lucifer Morningstar wrote:
On Sun, 25 Jun 2017 09:40:08 -0400, Pat wrote: On Sun, 25 Jun 2017 22:31:46 +1000, Lucifer Morningstar wrote: On Sun, 25 Jun 2017 06:25:06 -0400, Pat wrote: On Sun, 25 Jun 2017 14:19:19 +1000, Lucifer Morningstar wrote: It says the author is one of these people who thinks he wants everything that is new without realising that IPv6 is not used on LANs. All the problems he encountered would have been solved when he went back to IPv4 for his LAN. Why create problems unnecessarily? The ISP only ever need provide one address whether it be IPv4 or IPv6. Paul With IPv4, the ISP provides one address as you said. Things like NAT/Port numbers must be used to handle multiple devices. With IPv6, the ISP is providing one RANGE of addresses. The ISP is provided with a range of IPs to use for it's customers. It is not going to waste IPs by giving blocks to each customer when only one is needed and only one can be used on the WAN side. Your router can provide individual addresses from within that range. Not true. Why create problems unnecessarily? Because, eventually, everything will be IPv6 only and every device will have its own address. Every device already has it's own address. Your method provides an open door to hackers. Hackers can get direct access to your printer and feed all the paper out or launch a ping attack on your printer and make it unusable. I hope you do not work for any government departments. You could be arrested for encouraging hackers. I give up. Just because you don't understand how devices like printers are protected doesn't mean they are vulnerable. DOS attacks on printers have happened. You are making it easier. Once more, just because a device has a publicly routable IP address, that doesn't mean the device is not behind a filtering firewall. It's almost as though you're being intentionally obtuse about the whole thing. |
#55
|
|||
|
|||
DHCP for DNS or "hard-wired"?
On Sun, 25 Jun 2017 16:13:17 +0100, Andy Burns
wrote: Lucifer Morningstar wrote: The ISP is provided with a range of IPs to use for it's customers. It is not going to waste IPs by giving blocks to each customer when only one is needed true, most will only allocate a single address per customer, and that may not be fixed unless it's requsted. It doesn't need fixing. You use the NAT to translate. and only one can be used on the WAN side. It's certainly possible to have more than one address on the WAN side, for example I have 8 addresses. When will that be fixed? |
#56
|
|||
|
|||
DHCP for DNS or "hard-wired"?
On Sun, 25 Jun 2017 15:21:31 -0000 (UTC), lifewoutmilk
wrote: Lucifer Morningstar wrote: On Sun, 25 Jun 2017 05:43:17 -0000 (UTC), lifewoutmilk wrote: Lucifer Morningstar wrote: On Sun, 25 Jun 2017 01:18:07 -0000 (UTC), lifewoutmilk wrote: Dave Doe wrote: In article , , lifewoutmilk says... Lucifer Morningstar wrote: On Sat, 24 Jun 2017 13:49:09 +0100, "NY" wrote: "lifewoutmilk" wrote in message news NY wrote: Your typical subnet assigned by an ISP is going to be 2^64 addresses. There's no conceivable way that you're going to run out of addresses on your home network. Agreed. I think I can safely say that you will *never* use up 2^64 different addresses! Also, with so many addresses available in a single subnet, there's no need for NAT given a decent firewall. NAT is always needed to translate from the WAN IP to the various LAN IPs. I think you're implying here that all LANs need NAT, which is not correct. You do realize that it's possible to have a LAN where each device has a public IP address right? The only reason NAT use is so pervasive is it avoids the requirement that all devices have a publicly routable IPv4 address (because it is a scarce resource) and it incidently acts as a sort of firewall (not exactly but close enough). In my home network which is dual-stack IPv4 and IPv6, NAT is only used for IPv4. There is absolutely no NAT happening for IPv6 traffic. Did you turn it off? Just wondering. I have done that on my modem, I turned off IPV6 because I dislike my PC's on the network getting those ackward to deal with IPV6 addresses. https://1drv.ms/i/s!AjwgsYmRt63ph_FZqu4qDk4imZ2x4A https://1drv.ms/i/s!AjwgsYmRt63ph_FaszBR0fLjR-bphg No, I went out of my way to ensure that IPv6 is a first-class protocol on my home network. In fact, for the last week, approximately 23% of the traffic on this network has been over IPv6. http://i.imgur.com/16KAqBt.png You must have got bored with your network not being broken. Now at least you have something to complain about. If it aint broke make it so, right? Not broke at all. Regardless of what your feelings are about IPv6, I'm pretty sure it's going to be around for a long time. The outside world needs IPv6 but not the LAN. Why are most optical drives still using IDE? I'm sorry, what year do you think it is? Optical drives are not fast enough to benefit from switching to SATA. Your LAN does not need the greater addressing range of IPv6. |
#57
|
|||
|
|||
DHCP for DNS or "hard-wired"?
On Sun, 25 Jun 2017 15:29:43 -0000 (UTC), lifewoutmilk
wrote: Lucifer Morningstar wrote: On Sun, 25 Jun 2017 05:49:24 -0000 (UTC), lifewoutmilk wrote: Lucifer Morningstar wrote: On Sun, 25 Jun 2017 01:31:53 -0000 (UTC), lifewoutmilk wrote: Dave Doe wrote: In article , , lifewoutmilk says... NY wrote: "lifewoutmilk" wrote in message news NY wrote: Your typical subnet assigned by an ISP is going to be 2^64 addresses. There's no conceivable way that you're going to run out of addresses on your home network. Agreed. I think I can safely say that you will *never* use up 2^64 different addresses! Also, with so many addresses available in a single subnet, there's no need for NAT given a decent firewall. The problem is that (if I understand correctly) the "decent firewall" has to exist on every device that is connected, otherwise that device is vulnerable. You could have a good secure firewall on all your Windows No, all traffic is still filtered by my firewall even if it is IPv6 traffic. Just because my desktop has a publicly routable IPv6 address doesn't mean that devices on the Internet have unfiltered access to it. My router/firewall still determines what packets reach my desktop and what packets reaches the Internet from my desktop. As someone else mentioned, NAT is not a security solution. It just so happens to "filter" out public access to devices on the LAN. The firewall aspect of your router is in *addition* to that NAT function. computers, but you might also have a security camera on your network which has no firewall. With IPv4 and NAT, the NAT and the firewall built into the router provide a first line of defence which is missing if you go for IPv6 and no NAT - you are then devolving the problem to every device separately rather than centralising it. No. You've misunderstood. Publicly routable does not imply unfiltered. Short of firewall settings on the modem, it surely most certainly is ??? My point is that just because an IP is publicly *routable*, does not mean that access to that publicly routable address is guaranteed to be unfiltered by a firewall. It simply means that NAT is not required. A NAT is still required to translate the single address provided by your ISP to the multiple addresses on your network. If I gave you my desktops IPv6 address, you would be able to ping my desktop because IPv6 ICMP echo requests and IPv6 ICMP echo responses are unfiltered on my firewall. (Required by RFC 4890 section 4.3.1 along with several other ICMP types.) Blocked by some to avoid ping attacks. However, even though you can ping my desktop from the Internet, you would not be able to connect to the Plex media server that is running on it because that traffic is filtered (along with most other inbound traffice) by the firewall. And because the ISP will not know to send multiple IPs to you. NAT is still needed. Let me assure you, I have written the firewall rules myself. There is no NAT for IPv6 here. The only rule for NAT is for IPv4. You haven't understood much of what I've written. That's okay. Many people don't understand how networks and IP addressing work. It's not required knowledge to use the Internet. I'm not an expert You have made that abundantly clear. but I do have a small local network over two buildings with a mixture of gigabit Ethernet and Wi-Fi and OSX/OSX server/Windows XP/10/Server 2003/Solaris 10 on SPARC and Solaris 11 X64. Windows XP and Server 2003? Both are EOL by Microsoft and yet you're claiming that we're opening our systems up for hackers? You are far more up to date but I still see IDE used with optical disk drives because optical drives do not benefit from the higher speed of SATA. What exactly does IDE have to do with any of this? Nothing. I'm sorry that your stuck working with ancient hardware and software. Did you mean you're? |
#58
|
|||
|
|||
DHCP for DNS or "hard-wired"?
Lucifer Morningstar wrote:
Andy Burns wrote: most will only allocate a single address per customer, and that may not be fixed unless it's requsted. It doesn't need fixing. You use the NAT to translate. fixed as in static, rather than dynamic. |
#59
|
|||
|
|||
DHCP for DNS or "hard-wired"?
On Mon, 26 Jun 2017 05:40:37 +1000, Lucifer Morningstar wrote:
Optical drives are not fast enough to benefit from switching to SATA. What do you do when your motherboard doesn't have IDE? Your LAN does not need the greater addressing range of IPv6. What do you do when IPv4 dies? IPv4 has 10^32 addresses. IPv6 has 10^128. My ISP has allocated me a block of 10^64 IPv6 addresses that's 32 bits more than the whole of the IPv4 range. Apart from the fact that my routers firewall blocks people trying to get in how long do you think it will take someone to try all of my 10^64 addresses to find a printer if it's switched on at the time? -- Faster, cheaper, quieter than HS2 and built in 5 years; UKUltraspeed http://www.500kmh.com/ |
#60
|
|||
|
|||
DHCP for DNS or "hard-wired"?
Rodney Pont wrote:
IPv4 has 10^32 addresses. IPv6 has 10^128. 2^32 and 2^128 |
Thread Tools | |
Display Modes | Rate This Thread |
|
|