Post AQz7HsGZc3UICGCfqa by sataa@social.linux.pizza
(DIR) More posts by sataa@social.linux.pizza
(DIR) Post #AQz0vzMtvZ1C7yLOj2 by finlaydag33k@social.linux.pizza
2022-12-26T01:25:14Z
0 likes, 0 repeats
I hate IPv6.I hate IPv6.I hate IPv6.I hate IPv6.I hate IPv6.Did I already mention I hate IPv6?
(DIR) Post #AQz2v7Zy79SbDBAcxU by sataa@social.linux.pizza
2022-12-26T01:47:29Z
0 likes, 0 repeats
@finlaydag33k why? Don't know enough about it myself to have an opinion, but it seems odd to hate something like that.
(DIR) Post #AQz3IcII5E2l8H6aBc by finlaydag33k@social.linux.pizza
2022-12-26T01:51:44Z
0 likes, 0 repeats
@sataa I got it working pretty well like... half a year ago.Today, I got the message from a friend, my IPv6 no longer was reacheable.Upon checking, my prefix changed...Which completely broke IPv6 here, no client is using the new prefix.I'd also need to update a lot of firewall rules to make services reachable again over ipv6.And no, I'm not gonna rely on the firewalls of the devices on my network to work, that'd be just *asking* for gaping security holes.
(DIR) Post #AQz3LxpmSCpOo5Mkcq by finlaydag33k@social.linux.pizza
2022-12-26T01:52:21Z
0 likes, 0 repeats
@sataa I got it working pretty well like... half a year ago.Today, I got the message from a friend, my IPv6 no longer was reachable.Upon checking, my prefix changed...Which completely broke IPv6 here, no client is using the new prefix.I'd also need to update a lot of firewall rules to make services reachable again over ipv6.And no, I'm not gonna rely on the firewalls of the devices on my network to work (like IPv6 wants me to), that'd be just *asking* for gaping security holes.
(DIR) Post #AQz3OPLZ8KyUiOOldI by sataa@social.linux.pizza
2022-12-26T01:52:48Z
0 likes, 0 repeats
@finlaydag33k
(DIR) Post #AQz4DguDbqbFwS3pVA by iska@mk.starnix.network
2022-12-26T02:02:04.131Z
0 likes, 0 repeats
@finlaydag33k@social.linux.pizza I hate NATs more
(DIR) Post #AQz4QpNnP3vJzu9wcC by finlaydag33k@social.linux.pizza
2022-12-26T02:04:26Z
1 likes, 0 repeats
@iska NATs are not idea no...But better than having to redo basically your entire IPv6 network when your prefix changes...Or relying on the devices themselves to have a decent enough security because they have such an amazing track record of top-notch security :stallman_thaenkin:
(DIR) Post #AQz5IHoeQ6WfWsDBZY by finlaydag33k@social.linux.pizza
2022-12-26T02:14:00Z
0 likes, 0 repeats
@privateger If my IPv4 changes, the only things that break are DNS related (just my DNS records no longer being accurate).Internet is down for the few moments it takes my router to catch on but that's it.@sataa
(DIR) Post #AQz6b04ygksJyaKska by finlaydag33k@social.linux.pizza
2022-12-26T02:28:36Z
0 likes, 0 repeats
@privateger Yes, changing addresses is bad, I agree.But this could have been prevented had IPv6 been properly designed.I'll be changing ISPs soon either we (we getting fiber) so I'll have another look at it by then (not bothering to fix it rn) but still, it's bad design.My LAN shouldn't suffer like this because my ISP does something fucky wucky.@sataa
(DIR) Post #AQz7HsGZc3UICGCfqa by sataa@social.linux.pizza
2022-12-26T02:36:26Z
0 likes, 0 repeats
@finlaydag33k @privateger I sent my friend this thread and now he's calling me a fucky wucky... ☹️
(DIR) Post #AQz7MD3mFE5RqTHkkS by finlaydag33k@social.linux.pizza
2022-12-26T02:37:12Z
0 likes, 0 repeats
@sataa You welcome :gnulightened: @privateger
(DIR) Post #AQz92NkyxpsT8bARge by iska@mk.starnix.network
2022-12-26T02:56:03.662Z
0 likes, 0 repeats
@finlaydag33k@social.linux.pizza ipv4 keeps the internet centralized (while you also have to deal with addresses changing far more)NAT is not a firewall
(DIR) Post #AQz9SvfZV3ZdqTIMm8 by finlaydag33k@social.linux.pizza
2022-12-26T03:00:50Z
0 likes, 0 repeats
@iska I'm not saying IPv4 is perfect it definitely does have its downsides (like... you know... being very limited in addresses).And no, NAT is not a firewall (on its own), however, NAT does make it a *lot* easier to build a firewall around your network yet allow certain traffic through.If I need to portforward my Traefik, I yeet it to *a never changing address*.If I need to portforward my MC, I yeet it to a *never changing address*.With IPv6? As shown already, have fun with that.
(DIR) Post #AQz9YJTkPAZZ8WKdiS by sataa@social.linux.pizza
2022-12-26T03:01:49Z
0 likes, 0 repeats
@finlaydag33k @iska Your asterisks are in slightly different places and it's PISSING ME OFF🤣
(DIR) Post #AQz9cU7ilnqZJD1CqG by finlaydag33k@social.linux.pizza
2022-12-26T03:02:34Z
0 likes, 0 repeats
@sataa Deal with it.*puts on sunglasses*@iska
(DIR) Post #AQzAUPOIa8SYGhU9J2 by iska@mk.starnix.network
2022-12-26T03:12:19.778Z
0 likes, 0 repeats
@finlaydag33k@social.linux.pizza this assumes you own the NAT/router.Also your ipv6 being changed is an ISP issue, v4 would have that too.
(DIR) Post #AQzBOquXRyIDpwTnqC by finlaydag33k@social.linux.pizza
2022-12-26T03:22:31Z
0 likes, 0 repeats
@iska Yea, I own the NAT/router.Also, IPv4 changing only really affects some DNS things and maybe a few moments of downtime until my router catches up to it.All I need to do is update my DNS and wait for it to propagate.It has happened a few times in the past but didn't really affect my LAN.This one IPv6 change though, screwed up everything IPv6 related in the entire network (IPv6 LAN was broken, IPv6 WAN also no longer worked).
(DIR) Post #AQzCAoXJa8oaN8UFXM by iska@mk.starnix.network
2022-12-26T03:31:11.963Z
0 likes, 0 repeats
@finlaydag33k@social.linux.pizza not everyone can change NAT settings.I never said anything against v4 on a local network.
(DIR) Post #AQzCMvufysjUj4C0iO by finlaydag33k@social.linux.pizza
2022-12-26T03:33:21Z
0 likes, 0 repeats
@iska I mean... those that can't change it probably shouldn't change it...Unless I'm missing a very specific case?
(DIR) Post #AQzCTDj8f7EdiDnIsS by iska@mk.starnix.network
2022-12-26T03:34:31.110Z
0 likes, 0 repeats
@finlaydag33k@social.linux.pizza Unless I'm missing a very specific case?chinese people hosting websites n things
(DIR) Post #AQzDGWYtQKSIJhVmpE by finlaydag33k@social.linux.pizza
2022-12-26T03:43:24Z
0 likes, 0 repeats
@iska You can do it perfectly fine in China.The only extra issues you have are:- The requirement of an ICP license (which can be obtained "relatively" easily).- Getting beyond the GFOC (In which case, IPv6 is gonna do exactly nothing for you anyways).Most of those issues are legal issues not technical issues.
(DIR) Post #AR05LXzOwFTdiVkraq by finlaydag33k@social.linux.pizza
2022-12-26T13:49:23Z
0 likes, 0 repeats
@rick My prefix changed and everything IPv6 related here ceased to work.Something I wouldn't have with IPv4.My IPv4 changing would only cause a minor interruption on my service.My IPv6 changing took down literally my entire IPv6 network.
(DIR) Post #AR0AQMtG8DPcVq04R6 by finlaydag33k@social.linux.pizza
2022-12-26T14:46:15Z
0 likes, 0 repeats
@rick I mean, I did try that but then I'd still have to do an absolute metric boatload of updates to get my services to work again (update every firewall rule to use the new IPs so packets get allowed again... Which involves me having to look up each IP on each machine, which is gonna take ages).IPv6 only really solved 1 issue (address exhaustion) but created 1337666 additional issues for no reason.
(DIR) Post #AR0KQBNlut44MZp38i by lp0_on_fire@social.linux.pizza
2022-12-26T16:38:18Z
0 likes, 0 repeats
I've only ever used ISPs which provide static addressing. I don't want IP addresses or blocks being changed suddenly and quietly.DHCP with static allocations for IPv4; radvd for IPv6.I mostly agree re. firewalling – get as much of it as you reasonably can (likely to be all of it) done at the edge of your network(s). (Firewall config UIs? Stick them where the sun doesn't shine. I want scriptable using iptables, ip6tables and the like.)