Home Server On IPv6-only Internet Connection? 164
RandyOo writes "I've recently learned that our neighborhood is getting a fiber optic network, with a 100Mbps connection in each subscriber's home. IPv6 connectivity is included, but unfortunately, the only IPv4 connectivity they offer is Carrier Grade NAT, due to the exhaustion of IPv4 addresses in RIPE. I travel a lot, and I've become accustomed to accessing my home network via SSH, VNC, etc. It appears uPNP and PMP are unsupported by CGN. So, without a publicly-routed IPv4 address, I'll be unable to reach devices on my home network from an IPv4-only connection, such as the one provided by my cellular carrier (which also appears to be behind some kind of NAT, by the way). If the ISP isn't willing or able to sell me an IPv4 address, what alternatives do I have? I'd be willing to pay a small monthly fee for, say, a VPN service that would allow me to accept incoming connection requests on a range of ports on their Internet-facing IPv4 address. Does such a service exist?"
Hamachi (Score:5, Informative)
I've been using LogMeIn's Hamachi system to accomplish this. It's a virtual LAN solution that links machines behind firewalls or CGN devices. The down side is that it has to be installed on all devices that access the virtual LAN, and they don't have any mobile clients (yet), but if you need access from a device you can't install the Hamachi client on, you can always get a cheap VPS, install the linux client on it, and set up some port forwarding - the Hamachi IPs are static, so each machine always gets the same one.
There are some limitations with the free version (5 machines in a virtual LAN, connection only works with a logged in user on desktop clients), but the $30ish it costs per year for a 32 user license is very reasonable. And it supports IPv6 and IPv4 across the VLAN, too.
Re:Hamachi (Score:4, Informative)
Hamachi squats on valid address space, and may cause problems.
Re: (Score:2)
There's downsides to everything. I don't use anything in the 25.0.0.0/8 range, as the entire block is owned by the Ministry of Defense in GB. I'd wager that nobody who reads this article has ever connected to a 25/8 IP, including you, and the user inquiring about a solution to his CGN conundrum.
Re: (Score:3)
That's not the only large block. There are *lots* of blocks just like it. I was exposed to a /16 that uses maybe 4 /24's in it.
Even in blocks as (relatively) small as a /24, there is lots of dead space. Rarely do places properly plan ahead, You're *suppose* to only ask for your next /24 when you are at 80% *and* you expect to reach it in the near future.
I've seen shops put every unused IP on machines, just so they can say they're fully utilized, and get more blocks.
It's not utilization that is hurting
Re:Hamachi (Score:4, Insightful)
Actually it is utilisation. IPv4 ran out of addresses over a decade ago when NAT no longer became optional for the majority of users of the Internet. Ever since then we have been in stopgap mode. Unfortunately most users have never experience the real Internet when everyone can be both a producer and a consumer.
Re: (Score:3)
Well many have been giving back, though those who do are usually private entities. IBM gave a few /12 blocks back to IANA a few years ago, with Microsoft doing about the same.
Re:Hamachi (Score:4, Informative)
They finally fixed that? Good. They previously used 5.0.0.0/8 and it took a *long* time to figure out why certain users can't access certain web servers.
Re: (Score:2)
Wow...they should really divvy that up, especially with the UK government complaining to ISP's who are choosing NAT only solutions as opposed to dual stack. I mean think about that, 16.7 million IP addresses...I think even if you added up all of their servers, capital equipment (e.g. tanks, HMMWV's, fighter jets) and personell you'd get nowhere near 16.7 million.
Allocating v4 addresses (Score:2)
Re: (Score:2)
Re: (Score:2)
Well yes. That's 24 fucking million addresses.
Re: (Score:2)
Or 16 fucking million. Something like that.
CIDR not always supported (Score:2)
Re: (Score:2)
Well yeah, that's why I said they should divvy that up. Divvy as in divide, as in subnet it out.
Chances are I know more about networking than you do.
Re:Hamachi (Score:5, Funny)
Beware that 84% of Hamachi sold is actually butterfish which can cause anal leakage, so be careful.
http://blog.medellitin.com/2008/12/escolar-world-most-dangerous-fish.html [medellitin.com]
I'd like to hear more about changing the rolling meadow desktop thing, too.
Re:Hamachi (Score:4)
On the subject of tunnels, I'd say just go with a 6 to 4 broker on your remote end. There are a bunch of free ones such as hurricane electric. If you do that, then you've effectively got "end to end" (I'm doing air quotes) ipv6 access to your home server, even if your client side doesn't support ipv6. It's really very seamless if you set up a dynamic DNS.
Virtually all modern operating systems support 6to4 tunnels, you can even do it from the command prompt in windows vista and up (usally three to four lines of code.)
There are various android apps that do this as well, but I have no experience with iOS or windows phone (I'm a bit dubious of those two since a six to four tunnel actually requires being able to move v6 traffic over the v4 stack, and as far as I'm aware you can't do that sort of thing with those platforms due to anti-hacking restrictions - but I'm quite possibly wrong.)
Re: (Score:3)
The advantage of Hamachi, though, is that it's a direct connection between your two machines, with the only overhead being udp headers. Any tunnel is going to be bouncing you off some router who knows where, lengthening your route and possibly hitting congestion (I'd worry particularly about the free ones).
I can't speak to the current version of Hamachi, as I've not used it in years, but last time I did there was a console Linux version to go with the Mac and windows versions. It was very popular at the ti
Re: (Score:2)
I knew somebody who used an HE tunnel. I realize they're a large provider. The throughput with the tunnel was rather unimpressive, to the point where it was clear it should only be relied upon when there was no alternative. This is ironic since HE's POP is in the same building as his ISP's only POP.
Hurricane Electric (Score:2)
Hurricane Electric has been doing ths stuff for years, Check them out, Even my ISP (Teksavvy) has been using them to provide IPv6 to its clients. Not sure what they are using now.
proxy on an amazon ec2 instance? (Score:5, Informative)
Re: (Score:3, Informative)
T-Mobile is part of Deutsche Telekom: Germany is where they started from.
Bingo. (Score:3)
My provider actually is T-Mobile Germany, and surprisingly, they don't plan to deploy IPv6 until next year!
Re: (Score:2)
Cheap Linux VPS and a VPN to home (Score:5, Informative)
A cheap Linux based VPS (Virtual Private Server) will do what you want. You can set up a VPN connection between your home server and the VPS, and then connect to the VPS on its public IP and have it route to your home. I haven't set up such a thing myself, and it will be a bit laggy, but it should works for what you need.
Re: (Score:2)
I do something similir to this to access my work computer from anywhere. The company doesn't provide VPN access so I've connected my work PC to my home network via VPN. In turn I can access my home network via the same VPN (just different credentials). The only downside is that if my work computer is rebooted I have to be there to initiate the VPN connection.
Re: (Score:3)
Yes but EC2 costs way more than a cheapo VPS of the type advertised on lowendbox.com
Re:Cheap Linux VPS and a VPN to home (Score:5, Informative)
Re:Cheap Linux VPS and a VPN to home (Score:5, Informative)
Not only that, you can just keep signing up for free tier every year. I've done it myself, & all I needed to do was transfer configs to my local machine, close down my AWS account, open a new one, upload, off I go again.
It may only be a year, but they don't check names, credit card details, or address, just email address.
Toredo (Score:2)
Have you tried Toredo? (apt-get install miredo)
It goes through relays, so you will probably want to only use it for small transfers. Alternatively, you can use a Linode VPS, which have IPv6 enabled by default, so you can configure an ipsec tunnel or equivalent from there.
Re: (Score:2)
He'd be stuck with whatever Teredo relays his provider is offering. As far as I know many providers don't even run their own Teredo relays either. In that case his provider would be forwarding the packets to some third party relay. In that case there would be no guarantees about the reliability
Re:Toredo (Score:4, Informative)
No very much the opposite actually. Remember you are tcp or Udp inside the tunnel as well. For the inner Udp a lost packet is simply a lost packet like any other, the application will have been designed to handle that because its the nature of Udp. For tcp a lost tunnel packet will result in the inner tcp seeing a lost packet, there will be no ack and it will do what tcp always does a retransmit, the outer tunnel layer will encapsulate it in a new Udp packet and things will work fine.
Often tcp tunneled in tcp performs badly on lossy links. What happens if the stacks have not worked out the window sizes just right you get BOTH the inner and otter tcp doing a retransmit. This results in the inner tcp ultimately experiencing lots of duplicate packets; which it will handle, but you end up sending lots of useless traffic down the tunnel which is just like more overhead.
You can always get to IPV6 on the out (Score:4, Interesting)
Every system I've seen has some form of IPV6 tunneling that allows you to call out to an IPV6 server. The only time it fails is if you're trying to host an IPV6 server which will fail due to NAT but connecting to an IPV6 always works. The fact that you've got an IPV6 server means you're set. Run Teredo/Miredo on your clients and connect away.
Go setup teredo/miredo and connect away.
Re: (Score:3, Informative)
I would definitely try Teredo first, though it does depend on the NAT design used by your ISP (you want remote IPv4 hosts to repeatedly see the same source address after repeated connections -- if the reported address changes, Teredo won't work for you).
The protocol doesn't require explicit ISP support, though NAT design can certainly break it and ISPs can filter it if they choose. When it works, the net effect is that any two hosts running Teredo clients can connect to each other via their client's IPv6 ad
Re: (Score:2)
That's not the case. Unfortunately, Teredo requires relay of all data in the tunnel. There's simply no guarantee that an IPv4-only host has a direct, peer-to-peer path to and from an IPv6-only host, as is the case here in the original question.
Teredo will probably work as a proof-of-concept, but for anything requiring more than a tri
Re: (Score:2)
You only need to worry about the behaviour of the NATs when both endpoints are using Teredo. When one endpoint is using native IPv6, Teredo behaves a bit differently. Of course the client is still behind a NAT, but it only needs to be able to do outgoing connections through that NAT.
However there is another concern about Teredo in that case. The client
HE.net? (Score:5, Informative)
Take a look at Hurricane Electric, they offer free tunnel, dns hosting, etc. ;)
Oh, and an awesome IPv6 training program for which you can get a t-shirt if you finish it!
You can be up and running on an IPv6 tunnel from anywhere in 30 seconds!
Re: (Score:3)
Take a look at Hurricane Electric, they offer free tunnel, dns hosting, etc. Oh, and an awesome IPv6 training program for which you can get a t-shirt if you finish it! ;)
You can be up and running on an IPv6 tunnel from anywhere in 30 seconds!
You misunderstand: the only native IP addresses he has are IPv6. For IPv4 he only has one or more RFC1918 addresses (private range addresses behind a carrier-grade NAT). AFAIK Hurricane Electric only offers IPv6 addresses tunneled over IPv4. What he wants is the opposite: a public IPv4 address tunneled over IPv6. If there are not currently any services available that offer this, I'm sure there will be soon, but I doubt they will come free of charge.
Re:HE.net? (Score:5, Informative)
You aren't looking at the full picture.
What he needs is a way to connect to his (IPv6) home computers, from presumably-IPv4 remote locations. There are two ways he could do this - by finding a way to use IPv4 on his home machines, or by finding a way to use IPv6 on the remote connections. Tunneling IPv6 over IPv4 would work on the remote side, just as tunneling IPv4 over IPv6 would work on the home side.
Re: (Score:2)
Twenty years. You had one job to do ietf, and this is what it's come to? Nobody's quite sure how to make stuff work on the other network?
Slow clap.
(shakes head)
Re: (Score:2)
Which is basically down to lack of experience rather than actual gaps in protocol coverage.
Most ISP's are only now starting to ask "how do I do this". They should have been asking this question 7 to 8 years, if not longer, ago.
Re: (Score:2)
Re: (Score:3)
IETF completed their job on time. Other people had a job to do as well, but they all decided to wait until after the deadline before even start to think about it. There are ISPs still saying IPv6 isn't going to take off, and IPv4 will be fine for many years to come.
Looking back there are things that could have made a difference. 10-15 years ago I started wondering why nobody was doing anything, because the entire upgrade process was stuck in a dea
Re: (Score:2)
NAT64/DNS64? (Score:2)
http://en.wikipedia.org/wiki/NAT64 [wikipedia.org]
Interestingly, it was discussed in a forum topic on Tunnelbroker:
http://www.tunnelbroker.net/forums/index.php?topic=2419.0 [tunnelbroker.net]
Re: (Score:2)
RandyOo could run NAT64 at home, but he would end up with an extra layer of NAT because he doesn't have a public IPv4 address at home for the NAT64. It would make much more sense for the ISP to run NAT64 since they ac
Re: (Score:2)
Take a look at Hurricane Electric, they offer free tunnel, dns hosting, etc. [...] You can be up and running on an IPv6 tunnel from anywhere in 30 seconds!
Hurricane Electric is great, but note this item in their FAQ:
I've tried to create a tunnel but did not succeed. Is there a basic guideline on how to set up a tunnel?
[...]
*Two important notes:
That's protocol 41, not port, and support for any non-garden-variety protocol in the cheaper routers/APs is notably spotty. Who knows what POS you're going to end behind at your next hotel?
Re: (Score:2)
Once in a while you get lucky. I have actually stayed at a hotel where I could get a public IPv4 address on my laptop when I connected to their WiFi. It is rare though, in most cases you'll end up behind a lousy NAT solution.
IPv6 Tunnel Broker (Score:2)
Like tunnelbroker.net or broker.aarnet.edu.au
then gogoc (or similar) to connect you to the IPv6 tunnel when on the greater internet, then ssh to your ipv6 address
AirVPN (Score:2)
I believe AirVPN allows you to map up to 20 ports.
Re: (Score:2)
Reverse SSH Tunnel (Score:5, Informative)
As one other comment suggested, get a cheap VPS and setup a VPN so that you can connect to your network. DigitalOcean has one for $5/month (I'm in no way affiliated) https://www.digitalocean.com/ [digitalocean.com] and you can then have your router connect to the VPN. Setup the routes correctly and any VPN user can access every device at home.
However you won't always want to load up the VPN on your phone, and if there's just 1 computer you want to access you can use a VPS with a remote SSH tunnel. Have the computer on your network connect to the VPS and forward some high numbered port, say 4222, to port 22: ssh -R 4222:localhost:22 user@vps. Then you can ssh into your VPS on port 4222 and it will go directly to your home computer. Just made sure you add "GatewayPorts yes" to /etc/ssh/sshd_config or the remote port will only bind to localhost.
Couple this with autossh and the home computer will always keep the connection open and re-establish it as necessary.
Sure, there's a little overhead, but I've never really noticed it. I use this trick so that my phone and tablet can always ssh into my laptop no matter where the laptop is (home network, friend's house, coffee shop, etc)... no need to find the IP address and worry about port forwarding.
Re: (Score:2)
Any VPS provider with dual-stack (Score:3)
SSH into the Virtual private server, then SSH from the virtual private server to your LAN's IPv6 address
For VNC, open SSH back to your remote computer from inside your LAN in remote tunnel mode, using the -R option, to tunnel the port to the local VNC at the remote end, then connect to that local port on your local computer with VNC for remote access to your home.
Here is what I do (Score:3)
For me, the cheapest way to go was to have the machine behind NAT automatically connect to a second server and bring up an IP tunnel through pppd-ssh.
The second server has a public IP and I connect to it when I want to access the machine behind NAT. You can also do port redirection on the public IP server so you can log directly into your home computer with the public IP.
Port block allocation & PCP (Score:4, Informative)
Your ISP should at least be giving you a block of static ports on a static public IPv4 address so that you can just map them on your home router afterwards. It's called "port block allocation". See this slide deck [menog.org] for more details.
Port control protocol [potaroo.net] is also very close to being reality [cisco.com]. It's a bit like a combination of UPnP and DHCP that allows static IPv4 ports to be requested by and allocated to an end user like IP addresses are now.
You should pester your ISP about these two services monthly until they have a satisfactory response for you. Frankly it's irresponsible on their part if they don't have a FAQ explaining this stuff and a policy for helping customers deal with these things. To do otherwise is demeaning to their customers.
Re: (Score:2)
Frankly it's irresponsible on their part if they don't have a FAQ explaining this stuff and a policy for helping customers deal with these things. To do otherwise is demeaning to their customers.
Most ISP's TOSes for home users technically disallow listening to incoming ports from the internet or any "server-like" behavior. While it really isn't enforced when your modem has a world-reachable IPv4 address, I don't think they'll be very helpful if their architecture simply doesn't allow this anymore. Heck, it might have been a desired feature of their rollout.
Re: (Score:2)
Not from my experience. And I've had around a dozen ISPs over the years. And I have two at the moment.
The ONLY snag I've ran into in the past is having a mailserver listening on port 25, for obvious reasons. One phonecall and that block went away. I've heard of others having issues with outgoing connections on 110 for much the same reason, but traffic levels are low on my ser
Re: (Score:2)
Most ISP's TOSes for home users technically disallow listening to incoming ports from the internet or any "server-like" behavior.
No. Some crap ISP's do. The vast majority of ISPs in the world let you do whatever the hell you want providing you don't dare consider using the bandwidth you paid for.
Re:Port block allocation & PCP (Score:4, Interesting)
Port control protocol [potaroo.net] is also very close to being reality [cisco.com]. It's a bit like a combination of UPnP and DHCP that allows static IPv4 ports to be requested by and allocated to an end user like IP addresses are now.
Humans' ability to create complex and convoluted workarounds for problems that have been foreseen for 20 years and have had a solution for equally as long simply waiting for a bit of investment in infrastructure amazes me. If people spent even half the amount of effort in implementing IPv6 as they do finding assbackwards workarounds to easily solvable problems then the world would be a much better place.
Re: (Score:2)
Mkay, so I followed the link & translated his new regional metro fiber carrier's FAQ from German. It seems like they're pretty clued in & have a reasonably OK explanation of why their customers only get NATted IPv4. I think they're possibly lacking a bit in funds, clue, or both.
The OP should make sure someone from his ISP goes to the next RIPE meeting in Dublin in May. There are plenty of ways to provide better service to their customers without breaking the bank, and the folks at RIPE will tell
Re: (Score:2)
Port control protocol is also very close to being reality. It's a bit like a combination of UPnP and DHCP that allows static IPv4 ports to be requested by and allocated to an end user like IP addresses are now.
I have never understood this its like people keep chasing themselves around in circles.
Having a computer with a public address and no firewall is bad.
Having a computer with a public address and a firewall in which every application you install adds a firewall exception for itself is good.
Having a computer with a private address with UPNP is good when this is little different from having a public address with no firewall.
What is really the difference between intentionally listening on a port locally and send
Tunnel directly (Score:3)
Don't bother with any 3rd parties like most suggestions are advising. OpenVPN supports tunneling IPv4 and IPv6 over either of them. You can use a laptop or anything else that supports IPv6 to connect to your server at home over IPv6 via a bridged tap tunnel interface and then anything you connect to the laptop via layer 2 will be able to communicate with your home over IPv4.
Lots of options (Score:2)
Get:
Then do:
One interesting alternative (Score:2)
Just dump the IP addresses entirely for your applications. Anonymizing networks like Tor and I2P do this automatically, switching the 'address' to a node identification key. If your node has the key, then any other node looking for that key will find you, no matter what your current IP address is. The key validates 'who' your systems are, so the IP address or domain doesn't even matter.
Tor cannot do this as seamlessly as I2P for a couple or reasons:
1) Tor is really only designed for browsing and doesn't han
show or go (Score:2)
If skype works then both showmypc and gotomypc will work.
Why not just use tunneled IPv6? (Score:3)
Teredo(IPv6 over UDP) is easy to set up - if your Windows is Vista or later, it works automatically. For Linux it depends on the distro. If you happen to be in a non-NATted environment for once, 6to4 works great too.
So just enjoy the IPv6.
If you have devices at home that don't support IPv6, you can set up a NAT64 within your home network.
Why is mobile data not on IPv6? (Score:3)
Serious question, no interest in flamebait or trolls. Why is mobile not on IPv6?
It's a place where I would expect it. Quick turnaround of devices, new networks all the time. It made sense for 2G and GRPS to be IPv4 at the time. But 3G and even 4G apparently are still using IPv4.
It's hard to believe the phones are not up to the task. It's all in the software, not too hard to require v6 on 3G and later, Older devices that are v4 only can't use 3G networks anyway. Users don't need to know their IP address, ever. This are devices, and there is a huge number of it, exactly what v6 was meant to support. Carriers have full control over their networks, start to finish, so that part of switching to v6 is also not an issue. They of course have to provide a gateway to access v4-only web sites, but that shouldn't be too much harder than maintaining a NAT like they have to do now to keep everyone on v4.
Honestly, I just don't get it.
It's such a stark contrast with that fibre provider that is basically IPv6, while providing a v4 compatibility layer for older devices that still need it.
Re: (Score:2)
My understanding is that mobile devices are one of the few places that IPv6 actually IS seeing any significant deployment...
Re: (Score:2)
That's what I would totally expect. Yet submitter mentions he can get only v4 on mobile data (and with the expectation of using it to log in to a home server I would expect it's at least 3G that he uses).
Re: (Score:3)
Re: (Score:2)
I have heard about providers even going IPv6 only on their mobile networks and then using NAT64 to allow the mobile devices to still reach IPv4 only servers.
Pi Hosting (Score:2)
ssh -R 2022:localhost:22 -oGatewayPorts=yes mypi.edis.at
You can call this script from
Then, when on the road, to connect to your home network, just do ssh -p 2022 mypi.edis.at on your phone.
A suitable server may be a raspberry pi hosted for free at Edis, Austria [www.edis.at]. Just send them
pagekite.net (Score:2)
https://pagekite.net/ [pagekite.net] seems to be 36 EUR for one year.
I've dealt with this, two possible solutions. (Score:2)
You can either get a VPS that supports IPv6, and log in from there ... another solution that works fairly well.
You use a reverse tunnel, created on demand based on an HTTP request. Here's what you do:
Run a script on your machine that checks yourpage.com/sshtunnel, if it gets, say, NO_TUNNEL, it does nothing (or even better, make that a script and return 404 or some other header to signify FALSE). If, instead, it gets a json or csv, or whatever else you want (I used JSON) with an IP address, a port, and whic
There are public ip4 to ip6 gateways (Score:2)
E.g. adding ip4.sixxs.org to the ipv6 address, http://ipv6.google.com.ipv4.sixxs.org/ [sixxs.org]
Don't know if any allow numerical addresses. Is the ISP providing DNS service for adding your own AAAA records to your routed subnet?
SixXS (Score:2)
Two solutions (Score:2)
First, you could use something like LogMeIn or GoToMyPC. You leave the agent running on a PC on your network then you can login to that PC remotely and access the network resources from there.
The second solution, and what I do, is use VPN. In my case, I have a dynamic IP address from my ISP and I don't care to remember it. I also want to be able to directly address hosts on my LAN rather th
Re:You've come to the right place. (Score:5, Funny)
Next up on ask slashdot:
I've grown tired of the rolling meadow background on my Xp desktop. Does slashdot have any advice on how I might change it? And what should I change it to?
Re: (Score:3)
You should change your desktop background to this [flickr.com]
Re: (Score:2)
Yes... Why did you need to ask?
Re: (Score:2)
Re: (Score:2)
There are only two answers to this:
1. Install Linux
2. Buy a Mac
Re:You've come to the right place. (Score:5, Informative)
You know, I honestly did spend some time searching Google without coming up with useful results. I certainly could have spent a lot more time searching, but sometimes, it's a lot easier to ask someone with expertise and experience. I debated asking the question here, but I also found it interesting (and perhaps news and discussion-worthy) that ISPs are rolling out IPv6-only deployments (on synchronous 100Mbit fiber, even!), and thought others here might find that interesting, as well.
Re: (Score:3, Informative)
Ask yourself whether you need a server, or you simply need to access your home computer.
If you just need to access your home computer to see files/etc., then a service like LogMeIn [logmein.com] or TeamViewer [teamviewer.com] would probably work for you. They work through NAT and don't require a publicly routable IP address to access specific equipment.
Re: (Score:2)
Here's my solution (though mine is all IPv4 instead of IPv6 simply because my carrier hasn't yet entered the 21st century).
I have a Linode... cheap one. It has a static IPv4 address. I put OpenVPN at each end and set up the Linode as my server, and my home server as a client. Then any services I want to present, I just proxy using the Linode (mostly web-based stuff... use Apache proxying). Works like a champ, doesn't require me to set the default gateway to my VPN (that would be a pain) and means that my ad
Re: (Score:2)
Re: (Score:2)
Europe has run out as well.
Re:You've come to the right place. (Score:4, Informative)
Re: (Score:2)
run a VPN client on your home server and have it connect to the VPS VPN server.
connect to the VPN server and route to your home network
Re:You've come to the right place. (Score:5, Insightful)
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
No need for v6 to be dynamic. There's plenty of addresses.
Re: (Score:2)
Re: (Score:2)
IPv6 is right - plus some DS-lite or tunneling (Score:3)
While the title may have been less in your face, why is this modded down? AC is right - with IPv6, he has no shortage of addresses, so he could configure a DHCP6 server and set it up that way.
It would have helped if this was dual stacked, but since it isn't, one thing he should consider is asking his cell phone carrier whether they do IPv6, and getting that end IPv6 supported. Another option might be to set up a DS-lite configuration for services needing IPv4. That way, he uses his IPv4 cellphone to ac
Re: (Score:2)
+ 1 for sixxs
get a sixxs tunnel, get a domain, host it in dns.he.net and you get free ipv6 network, including DNS (and ddns for ipv4 if needed)...
After this, you can access any machine on your network that is ipv6 capable directly (or not, if you configure your router/firewall to block it)
If you have hardware in your local network that dont work with ipv6, replace it or configure a local ipv4 network (example: 192.168.1.0/24), via static IP or dhcp if you can configure your router (if not, install a dhcp da
Re: (Score:2)
That's not going to be of any use when the ISP doesn't give him any IP address at all.
Re: (Score:2)
Unfortunately it is too late to avoid CGN. But at least this ISP is deploying native IPv6. Faced with a shortage of IPv4 addresses ISPs cannot do much more than deploy native IPv6 along with some temporary workaround in order to allow customers to communicate with IPv4. It's the rest of the Internet that needs to stop using IPv4 such that those temporary workarounds can be shut down.
NAT solutions that move state to the CPE e
Re: (Score:2)
Step 3: SSH into myswebsite.com
Voilà!
And you'll get a connection refused because port 22 is not forwarded by the CGN.