
They were panicking about IPv4 running out 20 years ago, the amazing inventions of NAT and CIDR meant it never happened. I predict that we’ll be here in 20 years again.


If you look at the mobile telco IPv4 blocks, or lack thereof, you'll see that NAT is here, heavily, almost ubiquitously, as carrier NAT. It's destroyed the network functionality of mobile telecommunications (lacking routable ipv4) and made them essentially dumb terminals lacking any ability to participate in the 'net. They can only consume others' services.


I don't know how I feel about this. IPv6 is the obvious answer, but maybe some kind of NAT is warranted for devices that tend not to have firewalls?

If each LTE terminal has a publicly routable IP, unless it's statefully firewalled, any random Internet user who can figure out my IP can run up my data bill, or packet me and inflict a Denial of Service. I remember long ago, some mobile operators in the U.S. were assigning public (non-firewalled) public IPv4 IPs to mobile devices... Attackers were literally scanning Sprint's mobile IP ranges for open port 22 and logging in over SSH as root/aspen to hack jailbroken iPhones!


You don't need to NAT to statefully allow inbound traffic. How the two became forever entangled is past me, as technically, depending on what network you are sourcing from, NAT doesn't actually prevent what you describe without also having the actual stateful firewalling enabled.

Taken another way: it's easier to statefully filter incoming flows (FW) than it is to statefully map flows (NAT) both from an implementation and operation perspective.
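
The distinction drawn in the comment above, as an added example that is not part of the thread: a toy Python model showing that the drop decision comes from flow state, with or without address translation. The `Router` class, the documentation-range addresses and the port numbers are all constructed for illustration.

```python
# Toy model (constructed): stateful filtering and NAT are independent functions.
from collections import namedtuple
from ipaddress import ip_address, ip_network

Packet = namedtuple("Packet", "src sport dst dport")

class Router:
    """Hypothetical edge device; public_ip=None means no NAT is configured."""
    def __init__(self, inside, public_ip=None, stateful_filter=True):
        self.inside = ip_network(inside)
        self.public_ip = public_ip
        self.stateful_filter = stateful_filter
        self.flows = set()   # outbound flows seen, stored as sent from inside
        self.nat = {}        # public port -> (inside host, inside port)

    def outbound(self, p):
        self.flows.add(p)    # the filter only has to remember the flow
        if self.public_ip is None:
            return p         # no NAT: addresses pass through untouched
        port = 40000 + len(self.nat)   # NAT must also allocate and rewrite
        self.nat[port] = (p.src, p.sport)
        return Packet(self.public_ip, port, p.dst, p.dport)

    def inbound(self, p):
        """Return the packet as delivered inside, or None if it is dropped."""
        if p.dst == self.public_ip:
            if p.dport not in self.nat:
                return None  # nothing to translate to
            p = Packet(p.src, p.sport, *self.nat[p.dport])
        if ip_address(p.dst) not in self.inside:
            return None
        reply_of = Packet(p.dst, p.dport, p.src, p.sport)
        if self.stateful_filter and reply_of not in self.flows:
            return None      # unsolicited: dropped by the firewall, not by NAT
        return p

def scenarios():
    """Unsolicited inbound packet to port 22 under three configurations."""
    probe6 = Packet("2001:db8:ffff::66", 40000, "2001:db8:1::10", 22)
    direct4 = Packet("203.0.113.9", 40000, "192.168.1.10", 22)  # from the adjacent upstream network
    fw_only = Router("2001:db8:1::/64")
    nat_only = Router("192.168.1.0/24", "203.0.113.5", stateful_filter=False)
    nat_fw = Router("192.168.1.0/24", "203.0.113.5")
    return {"firewall, no NAT": fw_only.inbound(probe6),
            "NAT, no firewall": nat_only.inbound(direct4),
            "NAT + firewall": nat_fw.inbound(direct4)}
```

In this model the publicly addressed host behind a stateful filter never sees the unsolicited packet, while the NAT-only router forwards a packet that an adjacent upstream network addresses directly to the inside host.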


Can you explain what you mean by "It's destroyed the network functionality of mobile telecommunications"? Since I can think of exactly zero reasons one needs his handheld to be reachable from the Internet (that has not been long solved).


I'd like to be able to communicate with other handhelds without involving a STUN/TURN server, which is hugely unnecessary complexity.


What solution do you know for getting two clients behind CGNAT to talk to each other reliably, without relying on a third-party service?


Distributed applications and independence from monopolies that aggressively hoard and equally aggressively leak personal data.


NAT is annoying though


For what real world reasons?


SIP and RTP are a pain. Long "fixed" but still a pain. FTP still refuses to die and is a pain in active mode. There are others.

Only yesterday I had to wheel out Wireshark to prove to a telephony services provider that their bod had forgotten to update a PBX with its changed WAN address.


Ah, the mythical "real world" where your concerns and requirements don't matter, and mine do.


Video calls.


Never had a problem doing video calls on ip/v4


Or having a similar conversation about ip v8


amazing?



