IPv6 is so much better. Have a bunch of different services at home, just add rules to allow what I want through the router firewall, and they can each provision a Let's Encrypt certificate (as they each have a port 80 and port 443, instead of having to share the), and each be accessible from the Internet (without having to set up port forwarding).

@sgryphon ...share the IP, right?

Interesting. However, you still have to set up IPv4 if you want to be reached from IPv4 networks, right?

@aluaces to be more specific, you don't need to set up IPv4 on the IPv6 machine, or your internal network, hence simplifying as you only need one set of configuration, one firewall, etc. (compared to dual stack).

You do however need to have IPv4 access on some other (single) machine to act as an outgoing NAT64 / incoming proxy.

But this is largely the same for IPv4, as you only have private IPv4 addresses, so outgoing needs to go through NAT44 and incoming needs to port forward/proxy.

The gateway needs a public IPv4 address in both cases, but the rest of the IPv4 world does not know (cannot tell) if your internal network is an IPv4 private range or IPv6.

@sgryphon Much appreciated! I was not challenging the idea of going IPv6-only, but just making sure that the steps to follow when targeting IPv4 clients involve some sort of NATting.

Your posts were very clear and useful to me.

@aluaces IPv4 usually requires NAT anyway.

At least with an IPv6 server there is only one NAT, compared to hosting provider NAT to 10.x range, then virtual machine NAT to 192.168 range, then container NAT to 172.16 range.

An IPv4 private 172.16 k8s pod is as unreachable by an IPv4 client as IPv6. Any solution with IPv4 (even without IPv6) needs NAT.

@sgryphon Not arguing about IPv6, I fully agree with you in that regard.

My case is of a friend that wants to , and he has an IPv6 IP only. For example, he cannot access his computer from his mobile phone. He can from his workplace, since it's also IPv6. Neither could I access his homepage, since my country is mostly IPv4.

I guess if you plan to travel you might hit that problem as well, so you always end up having to fall back to an IPv4 NATting system.

I know and I also considered , although I don't know if it works for ports different than http{,s}.

@aluaces I just tested Cloudflare free plan on one of my websites. The site only has an AAAA address, but Cloudflare proxies both A and AAAA for you.

@sgryphon Indeed I had the time to try it, and it works very well. I can now access that IPv6 server from my IPv4 network. Thanks!
