Today in our newest take on “older technology is better”: why NAT rules!
You can still NAT IPv6
Yes, but why would you want to? We have enough addresses for the foreseeable future.
Fire bad, change scary
I think it’s worth taking the time to learn IPv6 property. If you have a good understanding of IPv4 it shouldn’t take you more than an afternoon.
Eliminating NAT and just using firewall rules (ie what NAT does behind your back) is incredibly freeing.
I don’t get people complaining about typing out IPs. I like to give all of my clients full FQDNs but you don’t have to. Just using mDNS would be enough to avoid typing a bunch of numbers.
Maybe I have Stockholm Syndrome, but I like NAT. It’s like, due to the flaws of IPv4 we basically accidentally get subnets segmented off, no listening ports, have to explicitly configure port forwarding to be able to listen for connections, which kinda implies you know what you’re doing (ssshh don’t talk about UPnP). Accidental security of a default deny policy even without any firewalls configured. Haha. I’m still getting into this stuff though, please feel free to enlighten me
Ha I can remember the ipv6 of cloudflare DNS just fine! It’s uh… something : something : something :: 1111
2606:4700:4700::1111
Hmm, maybe Google is easier:
2001:4860:4860::8888
Quad9 is 2620:fe::fe or 2620:fe::9
I don’t understand why they can’t get better addresses than that. Like surely 1::1 would be valid?
Edit: So IANA only control addresses 2001:: and up and there are quite a few IETF reservations within that. I don’t know why they picked such a high number to start at. Everything else seems IETF reserved with a little space allocated for special purposes (link-local, multicast, etc.).
Ipv6 is not 6 bytes? 8 segments of 2 bytes for a sum of 16 bytes?
Or am I stupid right now?
