this post was submitted on 21 Jul 2023
19 points (100.0% liked)
IPv6
IPv6 Discussions
I'm not sure I understand. If the traffic needs to be generated from the LAN, does that mean that when I'm away from home the server needs to regularly try to ping my device so that my device can send it traffic?
That would be one way, but your phone would drop the unsolicited traffic.
This is why people recommend using a VPN when away from your home for anything self-hosted. Your VPN connection will bring you into the trusted LAN so you can talk unsolicited.
Much like how you need to set up port forwarding for your servers back in the IPv4 days, you need to set up firewall rules for IPv6 servers.
"If a packet is arriving in server IP:Port, simply accept it"
Basically, with stateful firewalls, traffic is disallowed by default unless the thing in the LAN is the one that initiates it. You add exceptions to say oncoming traffic is allowed on certain ports to certain devices.
The only difference vs. port forwarding & NAT is that you can refer to different devices explicitly off of the LAN, meaning you could host two ssh instances, both on port 22, and have your firewall allow traffic through to both. You can then ssh outside the LAN on port 22 to either device. With port forwarding and NAT, since you only have 1 IP, that isn't possible.
The convenience factor is you can say things like, both services run on port 443 and host a web server. Both services get their own IP you can refer to off of the LAN, and you just add an exception to the firewall to let incoming traffic through on those ports on either IP. No finicking around with reverse proxies pointing to different hosts needed.
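The default-deny-plus-exceptions behaviour described in this thread, as an added example that is not part of the original comments: a toy Python model of a router's forwarding decision, not any real firewall's code. The class and function names are hypothetical, and the addresses are constructed from the 2001:db8::/32 documentation prefix.

```python
from ipaddress import ip_address, ip_network

LAN = ip_network("2001:db8:1::/64")  # constructed documentation prefix (assumption)

class StatefulFirewall:
    """Toy model: inbound is dropped unless it matches a tracked flow or an exception."""

    def __init__(self, lan):
        self.lan = lan
        self.flows = set()  # (lan_ip, lan_port, wan_ip, wan_port, proto)
        self.allow = set()  # (lan_ip, lan_port, proto) inbound exceptions

    def allow_inbound(self, dst, port, proto="tcp"):
        dst = ip_address(dst)
        if dst not in self.lan:
            raise ValueError("exception must target a LAN address")
        self.allow.add((dst, port, proto))

    def forward(self, src, sport, dst, dport, proto="tcp"):
        src, dst = ip_address(src), ip_address(dst)
        if src in self.lan and dst not in self.lan:
            # LAN-initiated: accept and remember the flow so replies can return.
            self.flows.add((src, sport, dst, dport, proto))
            return "accept"
        if dst in self.lan and src not in self.lan:
            if (dst, dport, src, sport, proto) in self.flows:
                return "accept"  # reply to a tracked flow
            if (dst, dport, proto) in self.allow:
                self.flows.add((dst, dport, src, sport, proto))
                return "accept"  # explicit per-address, per-port exception
            return "drop"  # unsolicited inbound, no exception
        return "drop"  # traffic that does not cross the LAN/WAN boundary is out of scope

def demo():
    fw = StatefulFirewall(LAN)
    host_a, host_b, remote = "2001:db8:1::10", "2001:db8:1::20", "2001:db8:ffff::5"
    results = {"unsolicited": fw.forward(remote, 50000, host_a, 22)}
    fw.allow_inbound(host_a, 22)  # two SSH servers, both on port 22
    fw.allow_inbound(host_b, 22)
    results["ssh_a"] = fw.forward(remote, 50000, host_a, 22)
    results["ssh_b"] = fw.forward(remote, 50001, host_b, 22)
    results["other_port"] = fw.forward(remote, 50002, host_a, 443)
    results["outbound"] = fw.forward(host_a, 40000, remote, 443)
    results["reply"] = fw.forward(remote, 443, host_a, 40000)
    return results

if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:12} {verdict}")
```

Each exception exposes exactly one address and port, so port 443 on the same host stays closed until it gets its own rule.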