nanog mailing list archives

Re: [External] Re: IPv6 uptake


From: William Herrin <bill () herrin us>
Date: Mon, 19 Feb 2024 11:02:40 -0800

On Mon, Feb 19, 2024 at 10:31 AM Tim Howe <tim.h () bendtel com> wrote:
> On Mon, 19 Feb 2024 10:01:06 -0800
> William Herrin <bill () herrin us> wrote:
>> So when the user wants to run a home server, their IPv4 options are to
>> create a TCP or UDP port forward for a single service port or perhaps
>> create a generic port forward for every port to a single internal
>> machine. Protocols other than TCP and UDP not supported.
>
>         OK, but I'm not sure what you are getting at by saying this is
> TCP and UDP exclusive... I don't know why it would be; what's the
> example you think is typically being denied?

Hi Tim,

NATs don't generally process protocols like GRE, ESP (IPSEC), SCTP and
most of the hundred fifty or so other protocols that sit atop IPv4.
They don't have code that would make it possible to process those
packets. They're generally TCP, UDP, and ICMP. Anything else is
necessarily dropped.


> The assumption being that a guardrail for someone being really
> self-destructive is removed.

In more sophisticated scenarios where subtler errors are possible, I
described it as a "security layer" rather than a "guardrail." But yes:
we're talking about the same thing.


>         I still believe that the statement "IPv6 is typically delivered
> to "most people" without border security" to be demonstrably false.

I concede the claim. I am satisfied with your evidence that I was in error.

Regards,
Bill Herrin


-- 
William Herrin
bill () herrin us
https://bill.herrin.us/
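
An added example, not part of the message above: a model of the outbound lookup in a NAT that only has TCP, UDP and ICMP echo handlers, showing that the other protocols named in the message give it no mapping key, so the packet is dropped. The function names, addresses and sample packets are constructed for illustration.

```python
import struct

# IANA protocol numbers for the protocols named in the message.
ICMP, TCP, UDP, GRE, ESP, SCTP = 1, 6, 17, 47, 50, 132

def ipv4_packet(proto, payload, src="192.168.1.10", dst="203.0.113.5", frag=0):
    """Constructed test packet: 20-byte IPv4 header (checksum left 0) + payload."""
    pack_addr = lambda a: bytes(int(x) for x in a.split("."))
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, frag,
                       64, proto, 0, pack_addr(src), pack_addr(dst)) + payload

def napt_session_key(packet):
    """Return (proto, inside_src, id) for the mapping table, or None (drop)."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None
    ihl = (packet[0] & 0x0F) * 4
    if ihl < 20 or len(packet) < ihl:
        return None
    # Non-first fragments carry no layer-4 header to read an id from.
    if struct.unpack("!H", packet[6:8])[0] & 0x1FFF:
        return None
    proto, l4 = packet[9], packet[ihl:]
    src = ".".join(str(b) for b in packet[12:16])
    if proto in (TCP, UDP) and len(l4) >= 4:
        return (proto, src, struct.unpack("!H", l4[:2])[0])   # source port
    if proto == ICMP and len(l4) >= 8 and l4[0] in (0, 8):
        return (proto, src, struct.unpack("!H", l4[4:6])[0])  # echo identifier
    return None  # GRE, ESP, SCTP, ...: this model has no handler for them

SAMPLES = {  # constructed layer-4 payloads, one per protocol
    "tcp":  ipv4_packet(TCP, struct.pack("!HH", 51000, 443) + bytes(16)),
    "udp":  ipv4_packet(UDP, struct.pack("!HHHH", 51001, 53, 8, 0)),
    "icmp": ipv4_packet(ICMP, struct.pack("!BBHHH", 8, 0, 0, 0x1234, 1)),
    "gre":  ipv4_packet(GRE, b"\x00\x00\x08\x00"),
    "esp":  ipv4_packet(ESP, struct.pack("!II", 0x1001, 1)),
    "sctp": ipv4_packet(SCTP, struct.pack("!HHII", 5000, 5000, 0, 0)),
}

def classify(samples=SAMPLES):
    """Map each sample name to its session key, or None when dropped."""
    return {name: napt_session_key(pkt) for name, pkt in samples.items()}

if __name__ == "__main__":
    for name, key in classify().items():
        print(f"{name:5} -> {key if key else 'no handler, dropped'}")
```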

