On 9/2/23 04:54, gene heskett wrote:
My several machine home net is behind a dd-wrt install, NAT'ed so that
any machine here has access to the net via the ipv4 address my router
obtains from them. That legally is a dynamic address but hasn't
changed in the decade and a half since I last switched isp's to one
that just worked courtesy of cloning the mac from one router to its
backup.
So now my question is, can I maintain the same level of security if I
start using an ipv6 address in my router?
And if so, how do I maintain the NAT, & how would I do it? Or am I
better off to not kick this sleeping dog called ipv6?
You have three options.
1. Eradicate IPv6 completely and carry on with your IPv4
2. Go all-in and use IPv6 without NAT (but still keep IPv4 with NAT),
but with the necessary firewall protections
3. Use IPv6 (and IPv4) with NAT and some firewall
Personally I use (2) - which is likely the case for most domestic users
of Internet with access to dual stack IPv4 and IPv6.
I don't know dd-wrt. In my case I use an Armbian based firewall/router
using iptables with rulesets for IPv4 (NAT) and IPv6 (native).
I find that the large majority of my web traffic is IPv6
I should also note that many internet routers these days support dual
stack IPv6 IPv4 and are generally 'safe' for domestic use. My fallbacks
if my Armbian firewall/router fails include simply giving in and putting
in a modern router/modem.
Jeremy
