Re: nat static-port option
2011/2/2 Ted Unangst : > On Wed, Feb 2, 2011 at 11:23 AM, Martin Schrvder wrote: >> 2011/2/2 Henning Brauer : >>> who sez that your made up isp has to hand out network-wide unique IPs >>> to his customers? >> >> AFAIK Comcast already has >2^24 customers. > > And they seem to be doing just fine. What's the problem again? Comcast starts IPv6: http://blog.comcast.com/2011/11/ipv6-deployment.html Best Martin
Re: nat static-port option
On 02/06/11 21:16, Martin Schrvder wrote: > 2011/2/6 VICTOR TARABOLA CORTIANO : >> No, that's _CHINA_ (people). Or Russia (size). > > You think the VR china is a democracy? I only saw "republic" being mentioned. Not democracy.
Re: nat static-port option
RACIST! ;) On Sun, 06 Feb 2011 21:16 +0100, "Martin Schrvder" wrote: > 2011/2/6 VICTOR TARABOLA CORTIANO : > > No, that's _CHINA_ (people). Or Russia (size). > > You think the VR china is a democracy?
Re: nat static-port option
2011/2/6 VICTOR TARABOLA CORTIANO : > No, that's _CHINA_ (people). Or Russia (size). You think the VR china is a democracy?
Re: nat static-port option
> No, that's India (people). Or Russia (size). > No, that's _CHINA_ (people). Or Russia (size). :P
Re: nat static-port option
* Martin Schrvder (mar...@oneiros.de) wrote: > Carrier grade NAT is less bullshit than ipv6. :-) Arbor networks just released their new 'Worldwide Infrastructure Report' which was interesting. In particular the rising threat of DDOS and the use of statefull network gear in mobile networks, such as DPI and NAT... The complexities of IPv6, as eloquently expressed by Henning, will surely result in some interesting security issues.. http://www.arbornetworks.com/en/arbor-networks-sixth-annual-worldwide-infrast ructure-security-report.html Now I think we shall let this thread come to rest as this is a bit out of topic. (and before someone refrains to name calling, I was almost called 'IPv6 fanboy' at one point). Have a nice weekend :) /Joakim
Re: nat static-port option
* Joakim Aronius (joa...@aronius.com) wrote: > > ..dont want to fuel a flame war here but i heard stuff like AT&T is using 40 > instances of 10/8 indicates that big operators needs to bend themselves > backwards to get their stuff together. Need to correct myself there, should be Verizon Wireless, not AT&T. https://sites.google.com/site/ipv6implementors/2010/agenda/14_Parker_VerizonWireless.pdf?attredirects=0 https://sites.google.com/site/ipv6implementors/2010/agenda Cheers, /Joakim
Re: nat static-port option
2011/2/4 Joakim Aronius : > ..dont want to fuel a flame war here but i heard stuff like AT&T is using 40 > instances of 10/8 indicates that big operators needs to bend themselves > backwards to get their stuff together. Carrier grade NAT is less bullshit than ipv6. :-)
Re: nat static-port option
El 04/02/2011 16:15, Martin Schrvder escribis: 2011/2/4 Bret Lambert: The US has been "offering" "freedom" to the world for a while now. It's only the largest republic in the world :-) No, that's India (people). Or Russia (size). Best Martin Still US (money). Take your pick.
Re: nat static-port option
2011/2/4 Bret Lambert : > The US has been "offering" "freedom" to the world for a while now. > It's only the largest republic in the world :-) No, that's India (people). Or Russia (size). Best Martin
Re: nat static-port option
On Fri, Feb 4, 2011 at 2:45 PM, Martin Schrvder wrote: > 2011/2/4 Pete Vickers : >> He don't appear to 'have' IPv6... > > DTAG will offer v6 to all it's customers later this year. > It's only the largest telco in Germany. :-) The US has been "offering" "freedom" to the world for a while now. It's only the largest republic in the world :-)
Re: nat static-port option
* Ted Unangst (ted.unan...@gmail.com) wrote: > On Wed, Feb 2, 2011 at 11:23 AM, Martin Schrvder wrote: > > 2011/2/2 Henning Brauer : > >> who sez that your made up isp has to hand out network-wide unique IPs > >> to his customers? > > > > AFAIK Comcast already has >2^24 customers. > > And they seem to be doing just fine. What's the problem again? ..dont want to fuel a flame war here but i heard stuff like AT&T is using 40 instances of 10/8 indicates that big operators needs to bend themselves backwards to get their stuff together. And T-Mobile US is about to launch an IPv6 only + NAT64 mobile service, will be interesting to see how that plays out.. Cheers, /Joakim
Re: nat static-port option
2011/2/4 Pete Vickers : > He don't appear to 'have' IPv6... DTAG will offer v6 to all it's customers later this year. It's only the largest telco in Germany. :-) Best Martin
Re: nat static-port option
On 3. feb. 2011, at 17.37, Bret S. Lambert wrote: > On Thu, Feb 03, 2011 at 07:31:01AM -0800, Johan Beisser wrote: >> On Feb 3, 2011, at 5:17, Martin SchrC6der wrote: >> >>> 2011/2/3 Bret Lambert : Counting my toaster? >>> >>> Your toaster has an IP? >>> >> >> Yours doesn't? >> > > He's got IPv6! His *cockroaches' toasters* have IPs! > He don't appear to 'have' IPv6... http://www.ris.ripe.net/dashboard/24640 /Pete
Re: nat static-port option
On Thu, 3 Feb 2011 13:58:23 +0100 Bret Lambert wrote: > Counting my toaster? Dilemma 3G toaster - maybe wastes a valuable ipv4 wifi toaster and x other devices - maybe waste's me with radiation (if it's microwave band wifi (water resonater))
Re: nat static-port option
On Thu, Feb 03, 2011 at 07:31:01AM -0800, Johan Beisser wrote: > On Feb 3, 2011, at 5:17, Martin SchrC6der wrote: > > > 2011/2/3 Bret Lambert : > >> Counting my toaster? > > > > Your toaster has an IP? > > > > Yours doesn't? > He's got IPv6! His *cockroaches' toasters* have IPs!
Re: nat static-port option
On Feb 3, 2011, at 5:17, Martin SchrC6der wrote: > 2011/2/3 Bret Lambert : >> Counting my toaster? > > Your toaster has an IP? > Yours doesn't?
Re: nat static-port option
2011/2/3 Bret Lambert : > yes, and can be viewed at http://www.goldentoasting.com/ Probably a v6 device hosted by Henning.
Re: nat static-port option
On Thu, Feb 3, 2011 at 2:17 PM, Martin Schrvder wrote: > 2011/2/3 Bret Lambert : >> Counting my toaster? > > Your toaster has an IP? yes, and can be viewed at http://www.goldentoasting.com/
Re: nat static-port option
On Wed, Feb 2, 2011 at 10:17 PM, Amit Kulkarni wrote: > A question to a wireless ISP sysadmin, isn't it easy to use NAT with > cellphone web traffic since they have unique number? I'm not a wireless ISP sysadmin but when my cell phone comes off radio and goes wireless I find blocked packets in my logs to port 53 of an rfc1918 address for a brief time.
Re: nat static-port option
2011/2/3 Bret Lambert : > Counting my toaster? Your toaster has an IP?
Re: nat static-port option
On Wed, Feb 2, 2011 at 11:57 PM, Martin Schrvder wrote: > 2011/2/2 Bret S. Lambert : >> On Wed, Feb 02, 2011 at 10:23:43PM +0100, Martin Schr?der wrote: >>> Yeah. And there'll never be more than 2^32 IP devices in the world. >> >> Inorite? I mean, if I can't get an IP for my toaster, I'm just gonna *die*! > > Currently there are about 2^32.7 living humans; I expect to live long > enough to see 2^33.3 > Imagine everyone having at least two devices. How many do you have? Counting my toaster?
Re: nat static-port option
> Currently there are about 2^32.7 living humans; I expect to live long > enough to see 2^33.3 > Imagine everyone having at least two devices. How many do you have? There's a depression coming along. Many would be glad just to have a job and food. I don't use any such toys, and probably many will minimize such expenses. So I don't imagine any switch will occur real soon. A question to a wireless ISP sysadmin, isn't it easy to use NAT with cellphone web traffic since they have unique number?
Re: nat static-port option
2011/2/2 Bret S. Lambert : > On Wed, Feb 02, 2011 at 10:23:43PM +0100, Martin Schr?der wrote: >> Yeah. And there'll never be more than 2^32 IP devices in the world. > > Inorite? I mean, if I can't get an IP for my toaster, I'm just gonna *die*! Currently there are about 2^32.7 living humans; I expect to live long enough to see 2^33.3 Imagine everyone having at least two devices. How many do you have? Best Martin
Re: nat static-port option
On Wed, Feb 02, 2011 at 10:23:43PM +0100, Martin Schr?der wrote: > 2011/2/2 Kevin Chadwick : > > Also, If you look at the GeoIP lookup data you'll see great swathes were > > allocated early on and seemingly never actually used. > > Yeah. And there'll never be more than 2^32 IP devices in the world. Inorite? I mean, if I can't get an IP for my toaster, I'm just gonna *die*! > > Best >Martin
Re: nat static-port option
You are probably on the right track. AFAIK, most Indian ISP's have city or state level blocks of IPs. Ultra big cities like Mumbai, Delhi, Bangalore itself has several blocks. So theoretically they could NAT the same IP in different cities or different blocks at the same time, and none the wiser. > I read, the same ips are being used by ISPS in different parts of the > world with a kind of global nat. > > Also, If you look at the GeoIP lookup data you'll see great swathes were > allocated early on and seemingly never actually used.
Re: nat static-port option
2011/2/2 Kevin Chadwick : > Also, If you look at the GeoIP lookup data you'll see great swathes were > allocated early on and seemingly never actually used. Yeah. And there'll never be more than 2^32 IP devices in the world. Best Martin
Re: nat static-port option
On Wed, 2 Feb 2011 11:53:35 -0600 patric conant wrote: > 2^24=16,777.216 > So they are close. I read, the same ips are being used by ISPS in different parts of the world with a kind of global nat. Also, If you look at the GeoIP lookup data you'll see great swathes were allocated early on and seemingly never actually used.
Re: nat static-port option
Comcast has 15.930 million high-speed internet customers. According to the wikipedia article. 2^24=16,777.216 So they are close. How about the smartphone market, are they largely being natted? Or are we likely to see a doubling of the need for IP addresses in the next couple of years, as non-smart phones die out. Is IPv4/64 a reference to IPv6, or a plan to make v4's address space bigger, without changing it significantly otherwise? On Wed, Feb 2, 2011 at 11:38 AM, VICTOR TARABOLA CORTIANO < vt...@c3sl.ufpr.br> wrote: > There would be more ip adresses if some greedy companies didn't > take a lot of addresses for themselves...
Re: nat static-port option
On Wed, Feb 2, 2011 at 11:23 AM, Martin Schrvder wrote: > 2011/2/2 Henning Brauer : >> who sez that your made up isp has to hand out network-wide unique IPs >> to his customers? > > AFAIK Comcast already has >2^24 customers. And they seem to be doing just fine. What's the problem again?
Re: nat static-port option
* Martin Schrvder [2011-02-02 18:35]: > 2011/2/2 Henning Brauer : > > who sez that your made up isp has to hand out network-wide unique IPs > > to his customers? > AFAIK Comcast already has >2^24 customers. > Any major chinese or indian ISP has or will have >2^24 customers. > Heck, even DTAG will probably have >2^24 devices in their network soon. so? > NAT is a band-aid. ah right, I forgot that you get to decide that. > So Comcast has to apply more band-aids under their band-aid? > Can you even imagine the problems a potential chinese ISP with say > 2^28 devices will have with v4? > Do you think this is sane? at least 2^24 times saner than ipvshit. > PS: I'm NOT claiming that v6 is the perfect answer. it's not an answer at all. i'm outta here, have fun playing with vshit in your sandbox. -- Henning Brauer, h...@bsws.de, henn...@openbsd.org BS Web Services, http://bsws.de Full-Service ISP - Secure Hosting, Mail and DNS Services Dedicated Servers, Rootservers, Application Hosting
Re: nat static-port option
There would be more ip adresses if some greedy companies didn't take a lot of addresses for themselves...
Re: nat static-port option
2011/2/2 Henning Brauer : > who sez that your made up isp has to hand out network-wide unique IPs > to his customers? AFAIK Comcast already has >2^24 customers. Any major chinese or indian ISP has or will have >2^24 customers. Heck, even DTAG will probably have >2^24 devices in their network soon. NAT is a band-aid. So Comcast has to apply more band-aids under their band-aid? Can you even imagine the problems a potential chinese ISP with say 2^28 devices will have with v4? Do you think this is sane? Best Martin PS: I'm NOT claiming that v6 is the perfect answer.
Re: nat static-port option
* Martin Schrvder [2011-02-02 16:45]: > 2011/2/2 Henning Brauer : > > * Martin Schrvder [2011-02-02 15:06]: > >> Unless you are an ISP with more than 2^24 customers. > > you are talking bullshit. there is oh so much v4 space allocated that > Currently an ISP with more then 2^24 customers can't NAT them all > (as 10/8 has only 2^24 addresses) or has to allocate more than one > /8 for his customers, which makes routing etc. more difficult. you are talking bullshit, still. who sez that your made up isp has to hand out network-wide unique IPs to his customers? why do i even waste time on some ipvshit advocate that acts like a politician claiming we have to eat shit because there wouldn't be an alternative, making up a case out of nothing to "prove" his case? > > as if one incompetent isp mattered. > I'm sure most chinese and indian ISPs will agree. you sure know what you're talking about, that's obvious. look at the oh so bright future yourself, look at the code required to deal with that misdesigned piece of shit. did i just say "designed"? sorry. it's obvious that nothing remotely related to design was involved. u_int8_t mask2prefixlen(in_addr_t ina) { if (ina == 0) return (0); else return (33 - ffs(ntohl(ina))); } u_int8_t mask2prefixlen6(struct sockaddr_in6 *sa_in6) { u_int8_t l = 0, *ap, *ep; /* * sin6_len is the size of the sockaddr so substract the offset of * the possibly truncated sin6_addr struct. */ ap = (u_int8_t *)&sa_in6->sin6_addr; ep = (u_int8_t *)sa_in6 + sa_in6->sin6_len; for (; ap < ep; ap++) { /* this "beauty" is adopted from sbin/route/show.c ... */ switch (*ap) { case 0xff: l += 8; break; case 0xfe: l += 7; return (l); case 0xfc: l += 6; return (l); case 0xf8: l += 5; return (l); case 0xf0: l += 4; return (l); case 0xe0: l += 3; return (l); case 0xc0: l += 2; return (l); case 0x80: l += 1; return (l); case 0x00: return (l); default: fatalx("non continguous inet6 netmask"); } } return (l); } -- Henning Brauer, h...@bsws.de, henn...@openbsd.org BS Web Services, http://bsws.de Full-Service ISP - Secure Hosting, Mail and DNS Services Dedicated Servers, Rootservers, Application Hosting
Re: nat static-port option
2011/2/2 Henning Brauer : > * Martin Schrvder [2011-02-02 15:06]: >> Unless you are an ISP with more than 2^24 customers. > > you are talking bullshit. there is oh so much v4 space allocated that Currently an ISP with more then 2^24 customers can't NAT them all (as 10/8 has only 2^24 addresses) or has to allocate more than one /8 for his customers, which makes routing etc. more difficult. > as if one incompetent isp mattered. I'm sure most chinese and indian ISPs will agree. Best Martin
Re: nat static-port option
* Martin Schrvder [2011-02-02 15:06]: > 2011/2/2 Henning Brauer : > > there is no ipv4 shortage. there is a a reclaiming issue. > Unless you are an ISP with more than 2^24 customers. you are talking bullshit. there is oh so much v4 space allocated that isn't used. and gobs of space that was allocated but isn't being used in a meaningful way. reclaiming that space gives us dozens of years and the chance to design something that isn't such a pile of poo as ipvshit. > > all hail ipv4/64, while at it. > Comcast will disagree. :-) as if one incompetent isp mattered. -- Henning Brauer, h...@bsws.de, henn...@openbsd.org BS Web Services, http://bsws.de Full-Service ISP - Secure Hosting, Mail and DNS Services Dedicated Servers, Rootservers, Application Hosting
Re: nat static-port option
2011/2/2 Henning Brauer : > there is no ipv4 shortage. there is a a reclaiming issue. Unless you are an ISP with more than 2^24 customers. > all hail ipv4/64, while at it. Comcast will disagree. :-) Best Martin
Re: nat static-port option
* Ted Unangst [2011-02-02 01:52]: > On Tue, Feb 1, 2011 at 5:07 PM, Martin Schrvder wrote: > > So what will you tell your customers 2012 when you can't get ipv4 for them? > The same thing he told them in 2008. exactly. "i have enough ipv4 for a long while". there is no ipv4 shortage. there is a a reclaiming issue. all hail ipv4/64, while at it. -- Henning Brauer, h...@bsws.de, henn...@openbsd.org BS Web Services, http://bsws.de Full-Service ISP - Secure Hosting, Mail and DNS Services Dedicated Servers, Rootservers, Application Hosting
Re: nat static-port option
On Tue, Feb 1, 2011 at 5:07 PM, Martin Schrvder wrote: > So what will you tell your customers 2012 when you can't get ipv4 for them? The same thing he told them in 2008.
Re: nat static-port option
2011/2/1 Henning Brauer : > * Josh Smith [2011-02-01 13:31]: >> On Tuesday, February 1, 2011, Henning Brauer wrote: >> > * Joel Wiramu Pauling [2011-02-01 01:40]: >> >> The better option is to acquire IPv6 transit someway >> > getting ipvshit is never a better option. >> Why the negativity surrounding ipv6? > > use your google fu, I and others have explained it more than enough So what will you tell your customers 2012 when you can't get ipv4 for them? Best Martin
Re: nat static-port option
On Tue, Feb 01, 2011 at 02:38:18PM +0100, Henning Brauer wrote: | * Josh Smith [2011-02-01 13:31]: | > On Tuesday, February 1, 2011, Henning Brauer wrote: | > > * Joel Wiramu Pauling [2011-02-01 01:40]: | > >> The better option is to acquire IPv6 transit someway | > > getting ipvshit is never a better option. | > Why the negativity surrounding ipv6? | | use your google fu, I and others have explained it more than enough Make sure to include [axe murderers] in your search term... Paul 'WEiRD' de Weerd -- >[<++>-]<+++.>+++[<-->-]<.>+++[<+ +++>-]<.>++[<>-]<+.--.[-] http://www.weirdnet.nl/
Re: nat static-port option
* Josh Smith [2011-02-01 13:31]: > On Tuesday, February 1, 2011, Henning Brauer wrote: > > * Joel Wiramu Pauling [2011-02-01 01:40]: > >> The better option is to acquire IPv6 transit someway > > getting ipvshit is never a better option. > Why the negativity surrounding ipv6? use your google fu, I and others have explained it more than enough -- Henning Brauer, h...@bsws.de, henn...@openbsd.org BS Web Services, http://bsws.de Full-Service ISP - Secure Hosting, Mail and DNS Services Dedicated Servers, Rootservers, Application Hosting
Re: nat static-port option
On Tuesday, February 1, 2011, Henning Brauer wrote: > * Joel Wiramu Pauling [2011-02-01 01:40]: >> The better option is to acquire IPv6 transit someway > > getting ipvshit is never a better option. > Henning, Why the negativity surrounding ipv6? Thanks, -- Josh -- Josh Smith KD8HRX email/jabber: juice...@gmail.com phone: 304.237.9369(c)
Re: nat static-port option
On 2011-01-31, Josh Smith wrote: > misc@, > > I recently acquired a playstation 3 and have been running into some > difficulties playing it online behing my openbsd gateway. After doing > some research and testing I have been able to overcome most of these > problems by appending the static-port option to my nat rule. I > understand the concept that this prevents pf from modifying the source > port on the packets as they are natted. But I am curious as to what > implications "flipping this switch has". At least I'm guessing there > must be something since it is not the default behavior. if you use static-port and try and open a second connection to the same host with the same source port, from any machine natted to the same address, that connection will fail.
Re: nat static-port option
On Tue, Feb 1, 2011 at 6:43 AM, Josh Smith wrote: > misc@, > > I recently acquired a playstation 3 and have been running into some > difficulties playing it online behing my openbsd gateway. After doing > some research and testing I have been able to overcome most of these > problems by appending the static-port option to my nat rule. I > understand the concept that this prevents pf from modifying the source > port on the packets as they are natted. But I am curious as to what > implications "flipping this switch has". At least I'm guessing there > must be something since it is not the default behavior. > > > Thanks, > -- > Josh Smith > KD8HRX > email/jabber:B juice...@gmail.com > phone:B 304.237.9369(c) > > Naively, I would say you might run into conflict if two different internal hosts on your network try to access the same remote host from an identical source port. It feels like pf would have trouble finding which internal host to send the responses to. On a small network, it seems very unlikely to happen though.
Re: nat static-port option
* Joel Wiramu Pauling [2011-02-01 01:40]: > The better option is to acquire IPv6 transit someway getting ipvshit is never a better option. -- Henning Brauer, h...@bsws.de, henn...@openbsd.org BS Web Services, http://bsws.de Full-Service ISP - Secure Hosting, Mail and DNS Services Dedicated Servers, Rootservers, Application Hosting
Re: nat static-port option
On Mon, Jan 31, 2011 at 6:42 PM, Joel Wiramu Pauling wrote: > Does the PS3 support ipv6? Are Sony's servers IPv6 compliant. The > better option is to acquire IPv6 transit someway (either by > terminating a tunnel broker pipe and advertising RA from your openbsd > box) or better still switching to an ISP that support native v6 > service. > > Kind regards > > -JoelW Joel, Unfortunately the device and/or the servers used for each game are not (yet?) ipv6 compliant. Thanks for taking the time to provide an answer to my question. > > On 1 February 2011 12:13, Chris Cappuccio wrote: >> the alternative is UPnP, which you'd need a supporting daemon to add port >> mappings into pf to support with an obsd gateway >> Chris, I realize UPnP is a possible alternative for this. I was more curious about the technical details of what's going on with the static-port option and what the ramifications of using it are. As I stated before I'm guessing there is a good reason this isn't the default option for nat and I am curious as to why and any "gotchas" I should be on the look out for after enabling this option. Thanks, -- Josh Smith KD8HRX email/jabber: juice...@gmail.com phone: 304.237.9369(c)
Re: nat static-port option
Does the PS3 support ipv6? Are Sony's servers IPv6 compliant. The better option is to acquire IPv6 transit someway (either by terminating a tunnel broker pipe and advertising RA from your openbsd box) or better still switching to an ISP that support native v6 service. Kind regards -JoelW On 1 February 2011 12:13, Chris Cappuccio wrote: > the alternative is UPnP, which you'd need a supporting daemon to add port mappings into pf to support with an obsd gateway > > Josh Smith [juice...@gmail.com] wrote: >> misc@, >> >> I recently acquired a playstation 3 and have been running into some >> difficulties playing it online behing my openbsd gateway. B After doing >> some research and testing I have been able to overcome most of these >> problems by appending the static-port option to my nat rule. B I >> understand the concept that this prevents pf from modifying the source >> port on the packets as they are natted. B But I am curious as to what >> implications "flipping this switch has". B At least I'm guessing there >> must be something since it is not the default behavior. >> >> >> Thanks, >> -- >> Josh Smith >> KD8HRX >> email/jabber:B B juice...@gmail.com >> phone:B B 304.237.9369(c) > > -- > Let food be thy medicine and medicine be thy food - Hippocrates
Re: nat static-port option
the alternative is UPnP, which you'd need a supporting daemon to add port mappings into pf to support with an obsd gateway Josh Smith [juice...@gmail.com] wrote: > misc@, > > I recently acquired a playstation 3 and have been running into some > difficulties playing it online behing my openbsd gateway. After doing > some research and testing I have been able to overcome most of these > problems by appending the static-port option to my nat rule. I > understand the concept that this prevents pf from modifying the source > port on the packets as they are natted. But I am curious as to what > implications "flipping this switch has". At least I'm guessing there > must be something since it is not the default behavior. > > > Thanks, > -- > Josh Smith > KD8HRX > email/jabber:B juice...@gmail.com > phone:B 304.237.9369(c) -- Let food be thy medicine and medicine be thy food - Hippocrates
nat static-port option
misc@, I recently acquired a playstation 3 and have been running into some difficulties playing it online behing my openbsd gateway. After doing some research and testing I have been able to overcome most of these problems by appending the static-port option to my nat rule. I understand the concept that this prevents pf from modifying the source port on the packets as they are natted. But I am curious as to what implications "flipping this switch has". At least I'm guessing there must be something since it is not the default behavior. Thanks, -- Josh Smith KD8HRX email/jabber:B juice...@gmail.com phone:B 304.237.9369(c)