FGHIGate на GaNJa NeTWoRK ST@Ti0N - Просмотр сообщения в эхоконференции IPV6
Присутствуют сообщения из эхоконференции IPV6 с датами от 31 Jul 11 14:37:00 до 01 Apr 24 00:03:00, всего сообщений: 7402
= Сообщение: 7267 из 7402 ============================================= IPV6 =
От   : Victor Sudakov                   2:5005/49          11 Apr 23 09:47:00
Кому : Michiel van der Vlist                               11 Apr 23 09:47:00
Тема : Connection Tests
FGHI : area://IPV6?msgid=2:5005/49+6434ca25
На   : area://IPV6?msgid=2:280/5555+6434155d
= Кодировка сообщения определена как: CP866 ==================================
Ответ: area://IPV6?msgid=2:280/5555+643a5332
Dear Michiel,

10 Apr 23 15:46, you wrote to me:

MV>>> Please eleborate...

VS>> The Transmission torrent client, and the syncthing file
VS>> synchronization utility can use the UPnP protocol to request a
VS>> firewall to pass *IPv4* incoming traffic (and create a port
VS>> porwarding for IPv4 NAT). They cannot however (at least to my
VS>> knowledge) use UPnP or any other protocol to request a router to
VS>> open a hole for incoming traffic in an *IPv6* firewall.

MV> I see. Or so I think. You ask for

It is not even that I *ask for* it. I've read here, some messages ago, that some home router declared "IPv6 punch-holing support." Infortunately I could not find more information either about the model of the router or its features.

MV> for some kind of "IPv6 equivalent" for
MV> UPnP. But why would you want that? UpNP is a questionable idea anyway.
MV> For IPv4 it creates an entry in de NAT table and as a side effect
MV> creates a hole in the firewall.

MV> But why would you need that for IPv6?

MV> For IPv6 there (normally) is no NAT, so no need to create an entry in
MV> a NAT table.

The "IPv6 equivalent" for UPnP is not for creating entries in a NAT table (which is absent in IPv6). It is for creating rules in an IPv6 firewall allowing incoming traffic to an application running on an IPv6-enabled host. A firewall (IPv4 or IPv6) is usually configured to block incoming traffic which is not part of an established outgoing connection.

MV> In IPv6 avery device has a Unique Global Address, so one
MV> can simply create pinholes in advance as needed for the address in
MV> question.

Only when you know the IPv6 address and port beforehand. Usually an IPv6 address on the home LAN is dynamic (SLAAC), and the port in peer-to-peer applications, VoIP applications etc is often dynamic too.

The situation is different of course when you are hosting an IPv6 web-server or something like that. It would have a fixed IPv6 address and port anyway, so there is no need for punch-holing the firewall.

Victor Sudakov, VAS4-RIPE, VAS47-RIPN
--- GoldED+/BSD 1.1.5-b20170303-b20170303
* Origin: Ulthar (2:5005/49)

