undefined | Better HN

0 pointslxgr24d ago0 comments

> it's hard to remember addresses

We desperately need a standardized protocol to look up addresses via names. Something hierarchical, maybe.

> with v6 you can't rely on NAT as an ersatz firewall

Why would you not just use a regular firewall? Any device that is able to act as a NAT could act as a firewall, with less complexity at that.

0 comments

stackghost24d ago

>Why would you not just use a regular firewall?

No idea, but people do it. Every time this comes up on HN there are dozens of comments about how they like hiding their devices behind a NAT, for security

lxgrOP24d ago

Just because people regularly bring up a non sequitur doesn't mean there actually is a problem.

"I have a device acting as both a NAT and a stateful firewall, why are you making me switch to IPv6 and in the process drop both the NAT and the stateful firewall?" is a non sequitur.

stackghost24d ago

I think we're talking about two different things, or maybe I just don't understand your reply.

What I'm saying is this: There exist people in the hobbyist space who believe that when their devices only have private IPv4 addresses such as 192.168.0.0/16 that this meaningfully increases their network security, and that if their raspberry pi has a globally-routable v6 address that this weakens their network security, even though this is bogus because NAT is orthogonal to network security considerations, and that this belief contributes to IPv6 hesitancy.

j / k navigate · click thread line to collapse

0 comments

stackghost24d ago

>Why would you not just use a regular firewall?

No idea, but people do it. Every time this comes up on HN there are dozens of comments about how they like hiding their devices behind a NAT, for security

lxgrOP24d ago

Just because people regularly bring up a non sequitur doesn't mean there actually is a problem.

"I have a device acting as both a NAT and a stateful firewall, why are you making me switch to IPv6 and in the process drop both the NAT and the stateful firewall?" is a non sequitur.

stackghost24d ago

I think we're talking about two different things, or maybe I just don't understand your reply.

j / k navigate · click thread line to collapse