• Connection Tests

    From Michiel van der Vlist@2:280/5555 to Victor Sudakov on Mon Apr 24 16:22:01 2023
    Hello Victor,

    On Monday April 24 2023 01:20, you wrote to me:

    Only when you know the IPv6 address and port beforehand.

    When running servers you normally do...

    P2P apps like Transmission are not really servers.

    Well they are in the strict sense of the word, but people just start
    them up and hope for them to work out of the box,

    That's their problem...

    and they are often configured by default to randomize port numbers on
    each start.

    Bad practice...

    Usually an IPv6 address on the home LAN is dynamic (SLAAC),

    No. SLAAC addresses are not dynamic. They are derived from the
    MAC address.

    Not any more. AFAIK the recent implementation of SLAAC uses the
    privacy extensions which do not use the MAC address but some random numbers to derive the IPv6 host address.

    Privacy extensions use random numbers for the host part. AFAIK SLAAC still uses the MAC address. What I do see is that DHCP6 is often preferred over SLAAC and the host part of a DHCP6 address also looks random. But it definitely is a fixed address. So no problem.

    and the port in peer-to-peer applications, VoIP applications etc
    is often dynamic too.

    VOIP normally uses standard ports.

    SIP (the signalling protocol) does, but the RTP uses random ports. A firewall has no way to know the RTP dynamic port numbers unless it inspects the SIP protocol.

    If those "random" ports are previously initiated by the SIP protocol there should be no problem.

    The situation is different of course when you are hosting an
    IPv6 web-server or something like that. It would have a fixed
    IPv6 address and port anyway, so there is no need for
    punch-holing the firewall.

    Indeed.

    I don't really understand your point. If we decide that UPnP (think "automatic firewall configuration from the inside") is desirable for
    IPv4,

    That "we" does not include me. I have never used UPnP, have always had it disabled in my routers and never had any need for it.

    I consider UPnP a security risk.

    So maybe I am not the right person to discuss this "issue".

    then it's desirable for IPv6 too. If we decide that UPnP is not
    desirable, you can do without it in IPv4: just configure a static
    RFC1918 address and port on your internal "server" and create a static NAT/portmapping entry on the router.

    Works for me...


    Cheers, Michiel

    --- GoldED+/W32-MSVC 1.1.5-b20170303
    * Origin: he.net certified sage (2:280/5555)