Australia

3736 readers

182 users here now

A place to discuss Australia and important Australian issues.

Before you post:

If you're posting anything related to:

The Environment, post it to Aussie Environment
Politics, post it to Australian Politics
World News/Events, post it to World News
A question to Australians (from outside) post it to Ask an Australian

If you're posting Australian News (not opinion or discussion pieces) post it to Australian News

Rules

This community is run under the rules of aussie.zone. In addition to those rules:

When posting news articles use the source headline and place your commentary in a separate comment

Banner Photo

Congratulations to @[email protected] who had the most upvoted submission to our banner photo competition

Recommended and Related Communities

Be sure to check out and subscribe to our related communities on aussie.zone:

Plus other communities for sport and major cities.

https://aussie.zone/communities

Moderation

Since Kbin doesn't show Lemmy Moderators, I'll list them here. Also note that Kbin does not distinguish moderator comments.

Additionally, we have our instance admins: @[email protected] and @[email protected]

founded 2 years ago

MODERATORS

[email protected]

Fucking Optus doesn't provide ipv6 over cell. And starlink has cgnat. (lemm.ee)

submitted 1 day ago by [email protected] to c/[email protected]

30 comments fedilink hide all child comments

Why must our internet infrastructure be so fucked.

you are viewing a single comment's thread
view the rest of the comments

[–] [email protected] 2 points 17 hours ago (1 children)

I think it’s a good thing that telcos NAT their customers. The last thing we want is for the Internet to be able to easily connect to those devices.

That's the job of a firewall, not a NAT.

That a NAT also blocks connections is incidental, it's blocking them because it just has no idea how to handle them.

[–] [email protected] 2 points 16 hours ago

Having been on the other end of this situation before, I'm going to disagree with this take. On a normal network, yes - you have a firewall to block traffic except to specific IPs/ports. Once you are in the Millions of nodes realm though (and I only ever got into the hundreds of thousands), a firewall is too unwieldy. You can never keep it up to date with all your customers comings and goings. Imagine you have 10 million customer devices and 0.01% of them come or go on any given day. That's 10,000 firewall updates per day. You're spending a lot of tech time maintaining and updating that firewall, and you introduce a small risk of an incident with every firewall update. And for what? For the most annoying of your customers.

Sorry to be blunt, but it's true. The tiny proportion of customers who want to be able to remotely connect to their home networks are the first to complain about any sort of network congestion (particularly uploads, which regular users don't even notice). They make a lot of noise about every $5/month price increase. They are the most likely to be doing sketchy stuff on the network. And six months down the line when there's some new exploit, they're the most likely vector into the network of the latest worm as they didn't maintain their security updates diligently. It is far easier to simply not cater to them and let them be someone else's problem. As customers, they aren't profitable.

You handle this by putting your static IP customers on a special VLAN and charge them for the service. And then yes: you have a manageable firewall sample.