Re: [LUG] Dynamic DNS

 

On 19/01/12 05:53, Kai Hendry wrote:
> 
>> Probably bandwidth, reliability and prevalence of NAT/PAT
> 
> I imagine that IPs are typically dynamically doled out, but I don't
> think ISPs generally put >1 person behind an IP, or do they?

Entire countries are behind a handful of IP addresses, but yes, if you
have a NAT router you can connect lots of people behind it. But more
importantly, you might have two devices that want to receive incoming
IPv4 on port 80 and only one IP address; it is the number of hosts
behind it that matters, not the number of people.

If you have more than one IP address you could do up to as many as you
have IP addresses.

Cisco used to have a cool application-level gateway for DNS with port
forwarding which watched the DNS requests, and mapped a small set of IP
addresses to the machines whose names were looked up. Cool, but totally
useless for the average home user with one IP address. I did design a
network using it once for people with lots of stuff.

>> Unlikely hopefully otherwise the malware would be doing it. There is
>> only one port 80 per NAT device (typically).
> 
> If malware could punch open with UPnP... is it actually used at all?

Yes, I believe Skype can (or did) use it to try and punch a port open,
possibly the Xbox; I dare say there is other stuff.

The DD-WRT documentation says - go to the NAT section and enable
UPnP - which says all you need to know about the universality of the
solution. I disable UPnP if I notice it enabled, as authentication-less
changes to devices I typically use as a firewall are a bad thing in my book.

>> Maybe with IPv6.....
> 
> Yes, I wanted to get onto that. IPv6 IIUC needs some sort of bridge to
> work in any case.

As Martijn says, no, you can have a public IP address per host with IPv6.
You might still have a dynamic DNS requirement, but at least there is no
NAT.

Currently you can use a VPN provider, IPv4 or IPv6 (or both), and when you
connect you could accept requests for that IP address, but that is worse
than having a VPS (but the Chinese are used to it).

Of course it remains to be seen how ISPs use IPv6 on a large scale; I'm
hoping we move firewalling requirements to the end nodes in general. I
think we are ready for that, but I'm not holding my breath, i.e. no
network firewalls on residential equipment, or at least not on the WiFi bits.

-- 
The Mailing List for the Devon & Cornwall LUG
http://mailman.dclug.org.uk/listinfo/list
FAQ: http://www.dcglug.org.uk/listfaq