lemm.ee

1 point

4 months ago

You can use ULAs (unique local addresses) or that purpose. Your devices can have a ULA IPv6 address that’s constant, and a public IPv6 that changes. Both can be assigned using SLAAC (no manual config required).

I do this because the /56 IPv6 range provided by my ISP is dynamic, and periodically changes.

report

[ - ]

Brkdncr@lemmy.world

1 point

4 months ago

Yes but you’d still be performing NAT. It’s at least 1:1.

You’ll need to deal with firewall rules regardless, and drop IPs into policies. IPv6 doesn’t remove any of those chores but gets rid of having to maintain tables to deal with many-to-one NAT.

report

[ - ]

1 point

4 months ago

You wouldn’t need NAT. The ULA is used on the internal network, and the public IP is for internet access. Neither of those need NAT.

report

[ - ]

Brkdncr@lemmy.world

1 point

4 months ago

What translates the public ip to the internal ip? Aren’t they different?

report

[ - ]

1 point

4 months ago

There’s no translation between them. With IPv6, one network interface can have multiple IPs. A ULA (internal IP) is only used on your local network. Any internet-connected devices will also have a public IPv6 address.

ULAs aren’t too common. A lot of IPv6-enabled systems only have one IP: The private one.

report

[ - ]

1 point

4 months ago

If you use a single shared public ip then you’re using some amount of address translation.

If you’re using an external ip address that’s different than an internal ip address but both are assigned to a single host the you’re doing 1:1 NAT.

At least that’s how I understand ipv4 and I don’t think ipv6 is much different.

report

[ - ]

1 point

4 months ago

If you use a single shared public ip then you’re using some amount of address translation

This is practically never the case with IPv6. Usually, each device gets its own public IP. This is how the IPv4 internet used to work in the old days (one IP = one device), and it solves so many problems. No need for NAT traversal since there’s no NAT. No need for split horizon DNS since the same IP works both inside and outside your network.

There’s still a firewall on the router, of course.

At least that’s how I understand ipv4 and I don’t think ipv6 is much different.

With IPv6, each network device can have multiple IPs. If you have an internal IP for whatever reason, it’s in addition to your public IP, not instead of it.

IPs are often allocated using SLAAC (stateless address auto config). The router tells the client "I have a network you can use; its IP range is 2001:whatever/64, and the client auto-generates an IP in that range, either based on the MAC address (always the same) or random, depending on if privacy extensions are enabled - usually on for client systems and off for servers.

report

[ - ]

Brkdncr@lemmy.world

1 point

4 months ago

Just like ipv4 though, you wouldn’t use external addresses internally because your external IPs might change, such as when moving between ISPs. You would NAT a hosts external address to its internal address.

report

[ - ]

1 point

4 months ago

your external IPs might change, such as when moving between ISPs

This is true

You would NAT a hosts external address to its internal address.

This is usually not true.

If you’re worried about your external IP changing (like if you’re hosting a server on it), you’d solve it the same way you solve it with IPv4: Using dynamic DNS. The main difference is that you run the DDNS client on the computer rather than the router. If there’s multiple systems you want to be able to access externally, you’d habe multiple DDNS hostnames.

report