FGHIGate at GaNJa NeTWoRK ST@Ti0N - Viewing a message in the IPV6 echo conference
Messages from the IPV6 echo conference are available with dates from 31 Jul 11 14:37:00 to 01 Apr 24 00:03:00; total messages: 7402
= Message: 7272 of 7402 ============================================== IPV6 =
From        : Victor Sudakov                   2:5005/49          24 Apr 23 01:20:16
To          : Michiel van der Vlist                               24 Apr 23 01:20:16
Subject     : Connection Tests
FGHI        : area://IPV6?msgid=2:5005/49+644576e2
In reply to : area://IPV6?msgid=2:280/5555+643a5332
= Message encoding detected as: CP866 ========================================
Reply: area://IPV6?msgid=2:280/5555+64469543
==============================================================================
Dear Michiel,

15 Apr 23 09:28, you wrote to me:

MV>>> In IPv6 every device has a Unique Global Address, so one
MV>>> can simply create pinholes in advance as needed for the address
MV>>> in question.

VS>> Only when you know the IPv6 address and port beforehand.

MV> When running servers you normally do...

P2P apps like Transmission are not really servers.

Well they are in the strict sense of the word, but people just start them up and hope for them to work out of the box, and they are often configured by default to randomize port numbers on each start.

VS>> Usually an IPv6 address on the home LAN is dynamic (SLAAC),

MV> No. SLAAC addresses are not dynamic. They are derived from the MAC
MV> address.

Not any more. AFAIK the recent implementation of SLAAC uses the privacy extensions which do not use the MAC address but some random numbers to derive the IPv6 host address.

VS>> and the port in peer-to-peer applications, VoIP applications etc
VS>> is often dynamic too.

MV> VOIP normally uses standard ports.

SIP (the signalling protocol) does, but the RTP uses random ports. A firewall has no way to know the RTP dynamic port numbers unless it inspects the SIP protocol.

VS>> The situation is different of course when you are hosting an IPv6
VS>> web-server or something like that. It would have a fixed IPv6
VS>> address and port anyway, so there is no need for punch-holing the
VS>> firewall.

MV> Indeed.

I don't really understand your point. If we decide that UPnP (think "automatic firewall configuration from the inside") is desirable for IPv4, then it's desirable for IPv6 too. If we decide that UPnP is not desirable, you can do without it in IPv4: just configure a static RFC1918 address and port on your internal "server" and create a static NAT/portmapping entry on the router.

Victor Sudakov, VAS4-RIPE, VAS47-RIPN
--- GoldED+/BSD 1.1.5-b20170303-b20170303
* Origin: Ulthar (2:5005/49)
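
What "inspecting the SIP protocol" to learn the RTP ports involves, as an added example that is not part of the original message or of any firewall's code: a sketch that reads the SDP body of a SIP message and returns the address and RTP/RTCP ports a pinhole would be needed for. The names `rtp_pinholes`, `_addr` and `SAMPLE_INVITE` are hypothetical, the sample message is constructed, and the handling of media-level `c=` and `a=rtcp` lines goes slightly beyond the single case mentioned in the message.

```python
import ipaddress

# Constructed, trimmed SIP INVITE with an SDP offer (documentation prefixes, not a capture).
SAMPLE_INVITE = "\r\n".join([
    "INVITE sip:bob@example.net SIP/2.0",
    "Content-Type: application/sdp",
    "",
    "v=0",
    "o=alice 2890844526 2890844526 IN IP6 2001:db8:1::10",
    "s=-",
    "c=IN IP6 2001:db8:1::10",
    "t=0 0",
    "m=audio 49170 RTP/AVP 0",
    "",
])

def _addr(value):                                   # c=<nettype> <addrtype> <address>
    fields = value.split()
    try:
        return ipaddress.ip_address(fields[2].split("/")[0]) if len(fields) == 3 else None
    except ValueError:                              # FQDN in c=: no literal address to pin
        return None

def rtp_pinholes(sip_message):
    """Return [(address, rtp_port, rtcp_port, media)] for each live RTP stream in the SDP."""
    _, _, body = sip_message.partition("\r\n\r\n")
    if not body.startswith("v=0"):
        return []                                   # no SDP body: nothing to open
    session_addr, streams, cur = None, [], None
    for line in body.splitlines():
        kind, _, value = line.partition("=")
        if kind == "m":                             # m=<media> <port> <proto> <fmt ...>
            f = value.split()
            ok = len(f) >= 3 and f[1].split("/")[0].isdigit()
            port = int(f[1].split("/")[0]) if ok else 0   # port 0 = stream rejected
            cur = {"media": f[0] if f else "", "addr": session_addr, "rtp": port,
                   "rtcp": port + 1, "live": ok and port > 0 and f[2].startswith("RTP/")}
            streams.append(cur)
        elif kind == "c":                           # media-level c= overrides session-level
            if cur is None:
                session_addr = _addr(value)
            else:
                cur["addr"] = _addr(value) or cur["addr"]
        elif kind == "a" and cur and value.startswith("rtcp:"):
            p = value[5:].split()[:1]               # a=rtcp:<port> overrides RTP port + 1
            if p and p[0].isdigit():
                cur["rtcp"] = int(p[0])
    return [(str(s["addr"]), s["rtp"], s["rtcp"], s["media"])
            for s in streams if s["live"] and s["addr"]]
```

This only works while the signalling is readable on the path; when SIP runs over TLS the SDP is hidden from the firewall and the ports cannot be learned this way.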
