On 2/8/23 16:29, jeremy ardley wrote:
> On 9/2/23 04:54, gene heskett wrote:
>> My several machine home net is behind a dd-wrt install, NAT'ed so that
>> any machine here has access to the net via the ipv4 address my router
>> obtains from them. That legally is a dynamic address but hasn't
>> changed in the decade and a half since I last switched ISPs to one
>> that just worked courtesy of cloning the mac from one router to its
>> backup.
>> So now my question is, can I maintain the same level of security if I
>> start using an ipv6 address in my router?
>> And if so, how do I maintain the NAT, & how would I do it? Or am I
>> better off to not kick this sleeping dog called ipv6?
>
> You have three options.
> 1. Eradicate IPv6 completely and carry on with your IPv4
> 2. Go all-in and use IPv6 without NAT (but still keep IPv4 with NAT),
> but with the necessary firewall protections
> 3. Use IPv6 (and IPv4) with NAT and some firewall
> Personally I use (2) - which is likely the case for most domestic users
> of Internet with access to dual stack IPv4 and IPv6.
> I don't know dd-wrt. In my case I use an Armbian based firewall/router
> using iptables with rulesets for IPv4 (NAT) and IPv6 (native).
> I find that the large majority of my web traffic is IPv6.
> I should also note that many internet routers these days support dual
> stack IPv6 IPv4 and are generally 'safe' for domestic use. My fallbacks
> if my Armbian firewall/router fails include simply giving in and putting
> in a modern router/modem.
> Jeremy

Thanks Jeremy, but in the back of my mind is the need for a firewall.
I've not set up a new one since bullseye moved in a year plus ago. dd-wrt
reflashing my now elderly Buffalo router handles all that.
Cheers, Gene Heskett.
--
"There are four boxes to be used in defense of liberty:
soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author, 1940)
If we desire respect for the law, we must first make the law respectable.
- Louis D. Brandeis
Genes Web page <http://geneslinuxbox.net:6309/>
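
Option 2 in the thread above (native IPv6 without NAT, plus a firewall), sketched as an added example that is not from either poster's configuration: a default-deny, stateful forwarding policy gives LAN hosts the same "outbound connections only" behaviour that IPv4 NAT provided as a side effect. The function name and the interface names (`wan0`, `lan0`, `eth0`, `br0`) are assumptions.

```shell
#!/bin/sh
# Added example. Prints an ip6tables-restore ruleset; it changes nothing itself.
# Interface names are assumptions: pass your own WAN and LAN names.
gen_ip6_rules() {
    wan="${1:-wan0}"
    lan="${2:-lan0}"

    # Default-deny for traffic to the router and for traffic routed through it.
    printf '%s\n' '*filter' ':INPUT DROP [0:0]' ':FORWARD DROP [0:0]' ':OUTPUT ACCEPT [0:0]'

    # Traffic addressed to the router itself.
    printf '%s\n' '-A INPUT -i lo -j ACCEPT'
    printf '%s\n' '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    printf '%s\n' "-A INPUT -i $lan -j ACCEPT"
    # ICMPv6 the router needs: errors (1-4), echo request (128) and
    # router/neighbour discovery (133-136). IPv6 does not work without these.
    for t in 1 2 3 4 128 133 134 135 136; do
        printf '%s\n' "-A INPUT -p ipv6-icmp --icmpv6-type $t -j ACCEPT"
    done
    # DHCPv6 replies from the ISP side arrive from a link-local source.
    printf '%s\n' "-A INPUT -i $wan -s fe80::/10 -p udp --dport 546 -j ACCEPT"

    # Routed traffic: replies to LAN-initiated flows come back in, new flows
    # may only start from the LAN. No rule accepts new WAN-to-LAN connections.
    printf '%s\n' '-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    printf '%s\n' "-A FORWARD -i $lan -o $wan -j ACCEPT"
    # ICMPv6 errors must pass in both directions (type 2 is packet-too-big,
    # which path MTU discovery depends on).
    for t in 1 2 3 4; do
        printf '%s\n' "-A FORWARD -p ipv6-icmp --icmpv6-type $t -j ACCEPT"
    done
    printf '%s\n' 'COMMIT'
}

# Review the output first, then load it as root:
#   gen_ip6_rules eth0 br0 | ip6tables-restore
```

The IPv4 ruleset with NAT stays as it is; `ip6tables` rules are separate from `iptables` rules, so an IPv4-only firewall leaves IPv6 traffic unfiltered once the router starts routing it.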