On 19/01/12 05:53, Kai Hendry wrote:
>
>> Probably bandwidth, reliability and prevalence of NAT/PAT
>
> I imagine that IPs are typically dynamically doled out, but I don't
> think ISPs generally put >1 person behind an IP, or do they?

Entire countries are behind a handful of IP addresses, but yes, if you have a NAT router you can connect lots of people behind it. But more importantly, you might have two devices that want to receive incoming IPv4 on port 80 and only one IP address; it is the number of hosts behind that matters, not the number of people.

If you have more than one IP address you could do up to as many as you have IP addresses.

Cisco used to have a cool application level gateway for DNS with port forwarding which watched the DNS requests, and mapped a small set of IP addresses to the machines whose names were looked up. Cool but totally useless for the average home user with one IP address. I did design a network using it once for people with lots of stuff.

>> Unlikely hopefully otherwise the malware would be doing it. There is
>> only one port 80 per NAT device (typically).
>
> If malware could punch open with UPnP... is it actually used at all?

Yes, I believe Skype can (or did) use it to try and punch a port open, possibly the Xbox, I dare say there is other stuff.

As the DD-WRT documentation says - go to the NAT section and enable UPnP - says all you need to know about universality of the solution.

I disable UPnP if I notice it enabled, as authentication-less changes to devices I typically use as a firewall are a bad thing in my book.

>> Maybe with IPv6.....
>
> Yes, I wanted to get onto that. IPv6 IIUC needs some sort of bridge to
> work in any case.

As Martijn says, no, you can have a public IP address per host with IPv6; you might still have a dynamic DNS requirement, but at least there is no NAT.

Currently you can use a VPN provider IPv4 or IPv6 (or both) and when you connect you could accept requests for that IP address, but that is worse than having a VPS (but the Chinese are used to it).

Of course it remains to be seen how ISPs use IPv6 on a large scale. I'm hoping we move firewalling requirements to the end nodes in general; I think we are ready for that, but I'm not holding my breath. I.e. no network firewalls on residential equipment, or at least not on the WiFi bits.

-- 
The Mailing List for the Devon & Cornwall LUG
http://mailman.dclug.org.uk/listinfo/list
FAQ: http://www.dcglug.org.uk/listfaq