Posted by petercooper 1/20/2026
It's correct in other tables.
Purely hypothetical, of course
For example, WhatsApp tries to connect to at least two servers on UDP port 3478 without asking the user if this is what they want to do or explaining the purposes of these connections.
Example server addresses are:
57.144.221.54
31.13.70.48
3478 is the port used for "Simple Traversal of User Datagram Protocol (UDP) Through Network Address Translators (NATs)", or "STUN" for short.
https://www.ietf.org/rfc/rfc3489.txt
Perhaps IPv6 would obviate the need for STUN
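To check whether UDP traffic on port 3478 really is STUN, the fixed 20-byte header can be parsed directly. This is an added example, not part of the original comment; the sample payloads are constructed, and the magic cookie check comes from RFC 5389, the successor to the RFC 3489 linked above.

```python
import struct

MAGIC_COOKIE = 0x2112A442  # fixed value in RFC 5389 headers; RFC 3489 has none
MESSAGE_TYPES = {
    0x0001: "Binding Request",
    0x0101: "Binding Response",
    0x0111: "Binding Error Response",
}

def parse_stun_header(payload: bytes):
    """Return header fields if the UDP payload looks like STUN, else None."""
    if len(payload) < 20:                      # both RFCs use a 20-byte header
        return None
    msg_type, length, cookie = struct.unpack("!HHI", payload[:8])
    if msg_type & 0xC000:                      # top two bits are always zero
        return None
    if length != len(payload) - 20:            # length field excludes the header
        return None
    modern = cookie == MAGIC_COOKIE
    if modern and length % 4:                  # RFC 5389 pads attributes to 4 bytes
        return None
    # RFC 3489: 16-byte transaction ID; RFC 5389: cookie + 12-byte ID
    txid = payload[8:20] if modern else payload[4:20]
    return {
        "type": MESSAGE_TYPES.get(msg_type, f"0x{msg_type:04x}"),
        "variant": "RFC 5389" if modern else "RFC 3489 style (no magic cookie)",
        "attr_bytes": length,
        "transaction_id": txid.hex(),
    }

# Constructed sample payloads (not captured traffic).
SAMPLE_REQUEST = struct.pack("!HHI", 0x0001, 0, MAGIC_COOKIE) + bytes(range(12))
SAMPLE_CLASSIC = struct.pack("!HH", 0x0001, 0) + bytes(range(16))
SAMPLE_OTHER = b"\x80\x60" + bytes(30)         # RTP-like first byte, not STUN

if __name__ == "__main__":
    for name, data in [("request", SAMPLE_REQUEST),
                       ("classic", SAMPLE_CLASSIC),
                       ("other", SAMPLE_OTHER)]:
        print(name, parse_stun_header(data))
```

Without the magic cookie the match rests only on the type bits and the length field, so a hit on the RFC 3489 branch is weaker evidence than one on the RFC 5389 branch.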
[0]: `<meta content="initial-scale=1,width=device-width" name="viewport">`
`<meta name="viewport" content="width=device-width,initial-scale=1">`
IPv6 has failed at being better, being accessible, or both. Rather than punish people for failing to adopt something that isn't better or easy to get, either improve IPv6 so that it's actually attractive or admit defeat and start work on the next version that people will genuinely want.
The moment you start thinking "Let's make what people have now worse until they move to this other thing they don't want" it's an admission that whatever you're pushing people to is shit.
I don't agree that it has. IPv6 is clearly better (no collisions between address space and thus no NAT requirement), and it's perfectly accessible to anyone who actually tries. I'm not by any means a top tier network guy but even to me IPv6 is dead easy to set up. The problem with the v6 transition is that people have very inaccurate views on one or both of those points (usually they falsely believe NAT provides security benefits, or they falsely believe IPv6 is a difficult thing to implement). I'm not sure how to fix this widespread misinformation but that is the problem from what I've seen.
Maybe one day in the distant future, IPv4 collisions/shortages will be an actual problem for most people. If that happens, those people will naturally make the switch. Until then, why would they?
It turns out a bunch of people actually like NAT. They like it so much that they pushed for solutions like NAT66 so that they can keep it even after switching to IPv6.
If IPv6 offered substantially better security/privacy, speeds, reliability, or introduced some new killer feature people didn't even know they wanted until they learned about it there wouldn't be any reason to try to force people to move to v6. Because it doesn't do any of that, and most people are happy with IPv4, they'll stick with what has been working for them.
No, backwards compatibility is not the problem here: IPv6-only hosts can easily connect to IPv4 hosts. Just append "64:ff9b::" to an existing IPv4 address, like so: 64:ff9b::8.8.8.8. Even prior to NAT64, we have plenty of schemes like 6to4 to bridge IPv4 and IPv6.
But no IPv4 hosts can ever connect to IPv6 hosts, or IPv7, or IPvInfinite for that matter. I will refer to my previous comment on why that is: https://news.ycombinator.com/item?id=46469336
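The 64:ff9b:: mapping mentioned above, worked through as an added example (not part of the original comment): the IPv4 address occupies the low 32 bits of the /96 prefix, and RFC 6052 forbids using the well-known prefix for non-global IPv4 addresses. The 2001:db8:64::/96 prefix is a documentation-range placeholder for a network-specific prefix.

```python
import ipaddress
from typing import Optional

# NAT64 well-known prefix from RFC 6052.
WKP = ipaddress.ip_network("64:ff9b::/96")

def synthesize(ipv4: str, prefix: ipaddress.IPv6Network = WKP) -> ipaddress.IPv6Address:
    """Embed an IPv4 address in the low 32 bits of a /96 NAT64 prefix."""
    if prefix.prefixlen != 96:
        raise ValueError("this example only handles /96 prefixes")
    v4 = ipaddress.IPv4Address(ipv4)
    # RFC 6052 section 3.1: the well-known prefix must not represent
    # non-global IPv4 addresses such as RFC 1918 space.
    if prefix == WKP and not v4.is_global:
        raise ValueError(f"{v4} is not global; use a network-specific prefix")
    return ipaddress.IPv6Address(int(prefix.network_address) | int(v4))

def extract(ipv6: str, prefix: ipaddress.IPv6Network = WKP) -> Optional[ipaddress.IPv4Address]:
    """Recover the embedded IPv4 address, or None if ipv6 is outside the prefix."""
    addr = ipaddress.IPv6Address(ipv6)
    if addr not in prefix:
        return None
    return ipaddress.IPv4Address(int(addr) & 0xFFFFFFFF)

if __name__ == "__main__":
    # The address from the comment, in canonical hex form.
    print(synthesize("8.8.8.8"))                    # 64:ff9b::808:808
    # The mixed notation used in the comment parses to the same address.
    print(extract("64:ff9b::8.8.8.8"))              # 8.8.8.8
    # Private space needs a network-specific prefix (placeholder shown).
    local = ipaddress.ip_network("2001:db8:64::/96")
    print(synthesize("192.168.1.10", local))        # 2001:db8:64::c0a8:10a
    try:
        synthesize("192.168.1.10")
    except ValueError as exc:
        print("rejected:", exc)
```

The extract function is the direction that matters for firewall rules and log review on an IPv6-only network: the IPv4 destination is recoverable from any address inside the NAT64 prefix.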
Addressing works differently (no broadcast, multicast everywhere, link-local is mandatory). Configuration works differently (SLAAC, RA, DHCPv6 is not a drop-in replacement for regular DHCP). Neighbor discovery replaces ARP and depends on ICMPv6 working. Fragmentation behavior changed. NAT is “not a thing” by design, which breaks a bunch of assumptions people built entire networks around.
Admittedly, it's not compatible in the ways that _aren't_ possible. But it's highly unreasonable to blame that on the people who designed v6.
I think there needs to be a push for IPv6-first networks for companies. ISPs in the US are pretty good about IPv6. But network engineers learned IPv4, and don't want to change what works, so companies lag behind. Changing existing networks is hard, but IPv6 is a good candidate for new networks. This includes writing docs and eventually the education so IPv6 is the default.
At this point the services I am running are far more lucrative than the IP space itself is turning out to be.
In either case, if you end up with internet resources you can trawl through sites like https://bgp.services/ to find a cheap VPS provider near you that supports peering. I run my own AS and advertise 3 network blocks (2 IPv4 + 1 IPv6) out of 2 different DCs for several hundred $ per year all in all (including renewal fees, VPS, taxes, etc).
And I have the same texture too! I hadn't observed it until your message
I have it under both Firefox and Chromium, and whether my tabs are vertical or not. It's just the website's background.
1. My AppleTV began stuttering during playback.
2. My old iMac began crashing every time it connected to the wifi.
At least the iMac has an option to disable IPv6. The AppleTV has no such option so I had to do it in the router.
It's obvious to anyone that looks at the two formats that any kind of hacky workaround like NAT gateways will be preferable indefinitely to actually adopting the monstrosity that is IPv6.
- TURN and STUN trivially bypass this side-effect, and a side effect of that is a third party has to often be involved, which can be collecting data later leaked or used against you.
- The monstrosity of NAT is that it's the core thing that drives centralization - because of NAT any two Internet hosts generally have to involve a third party to communicate, a third party which again, can be collecting data later leaked or used against you.
If you don't care about the security implications of the above, then you don't really care about the "firewall" either.
And the attacks you mentioned are initiated from the inside. Not what I stated, that NAT is a sort of a firewall for incoming connections.
The ISP doesn't meaningfully see packets as long as encryption is used. It sees stuff that, if analyzed, can be used to make guesses, but that's about it. I probably should have used a better term than "third party" but I was meaning services that collect data on everyone like Facebook, Twitter, etc. These services actually receive meaningful, trackable, surveillable data about you and they would not have to receive as much if NAT wasn't a thing.
Inside attacks are important. If you don't care about those, saying you like NAT because of any security benefit doesn't make sense.
`upnpc -a 192.x.x.x 8080 80 tcp`
And to my surprise it just worked. This friend just upgraded to fiber and had just received a new router.
OK, let's say I send a packet to your router's external interface with destination IP set to internal address of one of nodes in your network.
Will it reach your internal host? Will I get a response? ;-) I hope you now appreciate how NAT is not a firewall at all.