True. If you need to buy hardware, might as well get the ones that support IPv6 since it'll be cheaper to run it in the long term.
I seriously don't think you have a choice, I don't think you can find a router that does not support ipv6.
People have to start grasping the fact that ipv6 has been a standard for 25 years, it is not something new.
The core specification for the IPv6 protocol was first published in 1995 as RFC 1883, and has seen a number of enhancements and updates since then. It formally became a full standard (as opposed to a draft standard) in 2017 with the publication of RFC 8200, although IPv6 had already been deployed for many years.
In December 1998, IPv6 became a Draft Standard for the IETF,[2] which subsequently ratified it as an Internet Standard on 14 July 2017.
So IPv6 was only a full "standard" for 7 years, not 25.
You would be surprised as to how many standards are actually still classified as drafts. IETF ratifying it as an internet standard is just the next step, it was considered a standard long before that.
I've been personally running ipv6 for over 20 years so I know it works and have done so for a very long time.
Anyway, what I need now is a good firewall solution for my devices that are now exposed to the internet. I was previously using the router's firewall + NAT to block most ports from the internet and was only accessing them over home network. Now that everything is open to the internet I need to change all the passwords, block root access and remove "unsafe" servers I was running as test...
You should not have everything open on the internet just because you run ipv6, you should run a firewall with default to deny in front of your servers and then open only the ports you want to be open. Exactly as you do with NAT, but without the NAT part.
Well, it was around 2013 that we started getting IPv6 support from our ISPs, which is way before the final standardization. As for servers, I guess IPv6 has been around for a while.
@rcy026 said:
You should not have everything open on the internet just because you run ipv6, you should run a firewall with default to deny in front of your servers and then open only the ports you want to be open. Exactly as you do with NAT, but without the NAT part.
My issue is the test servers I use. The test servers have their firewall disabled (more like never installed/configured) and running insecure applications (non ssl, no logins or any concern for security when the app was created) that were meant to be run only on local network. Since I cannot block the ports, all I can do is disable IPv6 for those servers and work on locking the app behind a password...
Yep, you are right. The IPv6 servers are still not accessible from outside my router and I can now see the IPv6 firewall rules on my router's firewall page (below the IPv4 firewall rules)! That's good to know! Thank you!
Your router firewall can still block most traffic
I'd be amazed if almost all domestic routers supplied by ISPs don't come pre-configured with their IPv6 firewall set to block by default. Mine certainly was, is that not the norm?
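The default-deny IPv6 setup discussed above, written out as an nftables ruleset for a Linux-based router. This is an added example, not part of any post in the thread. The interface names `wan0` and `lan0`, the server address `2001:db8:1::10` (documentation prefix) and the choice of port 443 are assumptions.

```nftables
# Constructed example: IPv6 firewall for a home router, default deny.
# Assumed names: wan0 = upstream interface, lan0 = home network,
# 2001:db8:1::10 = one server that should be reachable from outside.

table ip6 home_fw {
    # Traffic passing THROUGH the router to devices behind it.
    chain forward {
        type filter hook forward priority 0; policy drop;

        # Replies to connections that were opened from the inside.
        ct state established,related accept
        ct state invalid drop

        # Anything the home network initiates towards the internet.
        iifname "lan0" oifname "wan0" accept

        # ICMPv6 errors that IPv6 relies on (path MTU discovery etc.), plus ping.
        icmpv6 type { destination-unreachable, packet-too-big, time-exceeded, parameter-problem, echo-request } accept

        # The only service opened to the internet: HTTPS on one server.
        iifname "wan0" ip6 daddr 2001:db8:1::10 tcp dport 443 accept

        # Everything else, including the unprotected test servers,
        # falls through to "policy drop".
    }

    # Traffic addressed TO the router itself.
    chain input {
        type filter hook input priority 0; policy drop;

        iifname "lo" accept
        ct state established,related accept

        # Neighbour discovery and router advertisements must get through,
        # otherwise IPv6 stops working on the link.
        icmpv6 type { nd-neighbor-solicit, nd-neighbor-advert, nd-router-solicit, nd-router-advert, destination-unreachable, packet-too-big, time-exceeded, parameter-problem, echo-request } accept

        # DHCPv6 replies from the ISP (arrive from link-local addresses).
        iifname "wan0" ip6 saddr fe80::/10 udp dport 546 accept

        # Router administration from the home network only.
        iifname "lan0" tcp dport { 22, 443 } accept
    }
}
```

Load it with `nft -f <file>` and review the result with `nft list ruleset`. Hosts behind the router keep their global IPv6 addresses, but unsolicited inbound connections reach only the one address and port listed in the forward chain.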
If you are using the ISP supplied router, you are leaving performance on the table. NEVER use their provided routers (unless you got no choice) or you got a very good ISP who do not flash the router with their own firmware... I prefer using my own Asus router but openWRT based routers are good enough as well.
@somik said:
... NEVER use their provided routers (unless you got no choice) ...
Probably a case of suck it and see for most. I actually abandoned the router for a direct connection to a server, but for increased functionality and control not performance.
I kicked the tyres on the ISP's router when I [finally] got FTTP and it seemed to perform fine, vanilla firmware as far as I could tell, YMMV.
As long as you can see the "firmware upgrade" option and are able to upgrade it using the firmware available on manufacturer's website, it's ok. The issue is that most "free" routers that the ISP provides are just too cheap to support people who visit these types of forums. Some do not support port forwarding and those which seem ok are too low powered to support 1gbps connection to multiple devices while providing WiFi for the house. It just heats up and crashes, leaving people in the house blaming your server for the internet going down (ask me how I know...).
As for IPv6, luckily the ISP provided router does support it but there were no instructions on how to get an IPv6 address and the ISP's technician who comes and sets up the ONT and router leaves IPv6 disabled...
That's strange, around here most of the ISPs provide pretty good routers that work very well out of the box. No ISP wants people calling support since that is expensive so providing a router that works is kind of basic common sense.
Here, they used to provide Aztech routers. Then they "upgrade" to Huawei after 2 years (during re-contract period).
When I switched internet provider to go with M1 they provided an Asus router (mid range one). Next recontract (2 years down the line) they actually provided with one of the best Asus routers, RT-AX88U which I happily accepted, even though I had to upgrade to the 2x 1Gbps network. Funnily, I only got 1 router for the 2x 1Gbps connection where they clearly stated that I need 2 routers to enjoy the dual network. I use one for my servers (since it has fixed IP) and the other one for my home internet.
Last year, during recontract, they provided the upper mid-range RT-AX56U since they provided us with 2x of these routers along with 1 "free" Chinese branded Android TV... Well, it's not bad but nothing compared to the AX88U that they gave the previous time... Was hoping to get one more of those...