Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Home Server On IPv6-only Internet Connection?

Unknown Lamer posted about a year ago | from the at-least-you-get-ipv6 dept.

Networking 164

RandyOo writes "I've recently learned that our neighborhood is getting a fiber optic network, with a 100Mbps connection in each subscriber's home. IPv6 connectivity is included, but unfortunately, the only IPv4 connectivity they offer is Carrier Grade NAT, due to the exhaustion of IPv4 addresses in RIPE. I travel a lot, and I've become accustomed to accessing my home network via SSH, VNC, etc. It appears uPNP and PMP are unsupported by CGN. So, without a publicly-routed IPv4 address, I'll be unable to reach devices on my home network from an IPv4-only connection, such as the one provided by my cellular carrier (which also appears to be behind some kind of NAT, by the way). If the ISP isn't willing or able to sell me an IPv4 address, what alternatives do I have? I'd be willing to pay a small monthly fee for, say, a VPN service that would allow me to accept incoming connection requests on a range of ports on their Internet-facing IPv4 address. Does such a service exist?"

cancel ×
This is a preview of your comment

No Comment Title Entered

Anonymous Coward 1 minute ago

No Comment Entered


You've come to the right place. (0, Troll)

Score Whore (32328) | about a year ago | (#43041591)

I'm glad you asked this question. The simple answer is no, there's no possible way that you'll be able to connect to your home server while on the internet. There aren't any services that provide an IPv4 address that you can do what you want with. So it's good you didn't waste time searching on the internets.

Re:You've come to the right place. (5, Funny)

Anonymous Coward | about a year ago | (#43041625)

Next up on ask slashdot:

I've grown tired of the rolling meadow background on my Xp desktop. Does slashdot have any advice on how I might change it? And what should I change it to?

Re:You've come to the right place. (0, Offtopic)

Anonymous Coward | about a year ago | (#43041763)

dont be a cunt.

Re:You've come to the right place. (-1, Flamebait)

Anonymous Coward | about a year ago | (#43041931)

Sorry, I guess I'm just bitter at slashdot becoming far less technical and more general purpose. Or maybe it's that these questions are so brain dead simple that they seem like disguised slashvertisements. Submitter's ask slashdot comment sponsored by log me in and team viewer. Tune in next week for anonymous cuntward's Xp question sponsored by Microsoft.

The submitter obviously isn't clueless as he is using all the correct terms, so why wouldn't he be aware that there are at least a dozen companies that offer a solution to the problem? Who's really being insulted here?

Re:You've come to the right place. (4, Informative)

RandyOo (61821) | about a year ago | (#43043911)

You know, I honestly did spend some time searching Google without coming up with useful results. I certainly could have spent a lot more time searching, but sometimes, it's a lot easier to ask someone with expertise and experience. I debated asking the question here, but I also found it interesting (and perhaps news and discussion-worthy) that ISPs are rolling out IPv6-only deployments (on synchronous 100Mbit fiber, even!), and thought others here might find that interesting, as well.

Re:You've come to the right place. (2, Informative)

realityimpaired (1668397) | about a year ago | (#43044149)

Ask yourself whether you need a server, or you simply need to access your home computer.

If you just need to access your home computer to see files/etc., then a service like LogMeIn [logmein.com] or TeamViewer [teamviewer.com] would probably work for you. They work through NAT and don't require a publicly routable IP address to access specific equipment.

Re:You've come to the right place. (0)

Anonymous Coward | about a year ago | (#43042321)

I'm glad you asked this question. The simple answer is no, there's no possible way that'll be able to change the background on your XP desktop. There aren't any services that provide replacement desktops that you can do what you want with. So it's good you didn't waste time searching on the internets.

Re:You've come to the right place. (4, Informative)

biggknifeparty (618904) | about a year ago | (#43042045)

Buy a VPS. Create an open ended ssh tunnel commencing that opens a port on the VPS IP4 address. Use a utility like autossh to automatically maintain the ssh connection. Connect to port 80 on the VPS IP and get routed to your home web server.

Re:You've come to the right place. (4, Insightful)

smash (1351) | about a year ago | (#43043113)

Conversely, get a tunnel from a tunnel broker to use whilst on the road vpn style (essentially tunnel into ipv6 network via local ipv4) and access your systems over ipv6 when on the road.

Hamachi (5, Informative)

PhaseBurn (44685) | about a year ago | (#43041593)

I've been using LogMeIn's Hamachi system to accomplish this. It's a virtual LAN solution that links machines behind firewalls or CGN devices. The down side is that it has to be installed on all devices that access the virtual LAN, and they don't have any mobile clients (yet), but if you need access from a device you can't install the Hamachi client on, you can always get a cheap VPS, install the linux client on it, and set up some port forwarding - the Hamachi IPs are static, so each machine always gets the same one.

There are some limitations with the free version (5 machines in a virtual LAN, connection only works with a logged in user on desktop clients), but the $30ish it costs per year for a 32 user license is very reasonable. And it supports IPv6 and IPv4 across the VLAN, too.

Re:Hamachi (4, Informative)

Anonymous Coward | about a year ago | (#43041831)

Hamachi squats on valid address space, and may cause problems.

Re:Hamachi (2)

PhaseBurn (44685) | about a year ago | (#43041875)

There's downsides to everything. I don't use anything in the range, as the entire block is owned by the Ministry of Defense in GB. I'd wager that nobody who reads this article has ever connected to a 25/8 IP, including you, and the user inquiring about a solution to his CGN conundrum.

Re:Hamachi (2)

JWSmythe (446288) | about a year ago | (#43042177)

That's not the only large block. There are *lots* of blocks just like it. I was exposed to a /16 that uses maybe 4 /24's in it.

Even in blocks as (relatively) small as a /24, there is lots of dead space. Rarely do places properly plan ahead, You're *suppose* to only ask for your next /24 when you are at 80% *and* you expect to reach it in the near future.

I've seen shops put every unused IP on machines, just so they can say they're fully utilized, and get more blocks.

It's not utilization that is hurting IPv4, it's greed. No one gives back IPs. They just keep asking for more.

Re:Hamachi (4, Insightful)

marka63 (1237718) | about a year ago | (#43042599)

Actually it is utilisation. IPv4 ran out of addresses over a decade ago when NAT no longer became optional for the majority of users of the Internet. Ever since then we have been in stopgap mode. Unfortunately most users have never experience the real Internet when everyone can be both a producer and a consumer.

Re:Hamachi (2)

AlphaWolf_HK (692722) | about a year ago | (#43043157)

Well many have been giving back, though those who do are usually private entities. IBM gave a few /12 blocks back to IANA a few years ago, with Microsoft doing about the same.

Returning v4 IP addresses (0)

unixisc (2429386) | about a year ago | (#43043589)

It's not greed. It doesn't make sense to give back v4 IPs, when the rest of the world is dragging its feet on IPv6 adaption. In fact, giving back v4 IPs is not a solution at all - if it's given back before the widespread adaption of IPv6, then the giver will be left with shortages. If it's given back after the widespread adaption of IPv6, it will be useless and unneeded. Fact is that even if an organization fully embraces IPv6, they still need to be dual stacked to provide services to IPv4 customers, so they'll still need those 'unused' v4 addresses.

Re:Hamachi (3, Informative)

danpbrowning (149453) | about a year ago | (#43042187)

They finally fixed that? Good. They previously used and it took a *long* time to figure out why certain users can't access certain web servers.

Re:Hamachi (1)

AlphaWolf_HK (692722) | about a year ago | (#43043153)

Wow...they should really divvy that up, especially with the UK government complaining to ISP's who are choosing NAT only solutions as opposed to dual stack. I mean think about that, 16.7 million IP addresses...I think even if you added up all of their servers, capital equipment (e.g. tanks, HMMWV's, fighter jets) and personell you'd get nowhere near 16.7 million.

Allocating v4 addresses (1)

unixisc (2429386) | about a year ago | (#43043595)

But imagine the effort needed to determine who needs how many addresses. Spending that sort of time on a technology that's all set to be replaced does no good. Instead, governments should aggressively push IPv6 adaption, and at some point, announce a cutoff of all IPv4 services. That thing won't go away unless and until someone takes the initiative and pulls that plug. Once they do, anyone who wants to deal w/ them will be forced to adapt IPv6, and after that, there will be no shortages

Re:Hamachi (0)

Anonymous Coward | about a year ago | (#43043527)

How much do you want to wager? I have...Infact I might be right now in some round about way...

Re:Hamachi (-1, Troll)

Anonymous Coward | about a year ago | (#43041903)

I squatted on your mom's face last night. There was no problem, only joy.

Re:Hamachi (3)

AlphaWolf_HK (692722) | about a year ago | (#43043131)

On the subject of tunnels, I'd say just go with a 6 to 4 broker on your remote end. There are a bunch of free ones such as hurricane electric. If you do that, then you've effectively got "end to end" (I'm doing air quotes) ipv6 access to your home server, even if your client side doesn't support ipv6. It's really very seamless if you set up a dynamic DNS.

Virtually all modern operating systems support 6to4 tunnels, you can even do it from the command prompt in windows vista and up (usally three to four lines of code.)

There are various android apps that do this as well, but I have no experience with iOS or windows phone (I'm a bit dubious of those two since a six to four tunnel actually requires being able to move v6 traffic over the v4 stack, and as far as I'm aware you can't do that sort of thing with those platforms due to anti-hacking restrictions - but I'm quite possibly wrong.)

Re:Hamachi (2)

Guspaz (556486) | about a year ago | (#43043445)

The advantage of Hamachi, though, is that it's a direct connection between your two machines, with the only overhead being udp headers. Any tunnel is going to be bouncing you off some router who knows where, lengthening your route and possibly hitting congestion (I'd worry particularly about the free ones).

I can't speak to the current version of Hamachi, as I've not used it in years, but last time I did there was a console Linux version to go with the Mac and windows versions. It was very popular at the time as a way of playing LAN-only games over the Internet with minimal latency ( since every peer connects directly to every other peer). For example, I believe IPX games worked over it.

proxy on an amazon ec2 instance? (4, Informative)

yincrash (854885) | about a year ago | (#43041635)

also, if you're using t-mobile and have a newer phone, you can get IPv6. https://sites.google.com/site/tmoipv6/lg-mytouch [google.com]

Re:proxy on an amazon ec2 instance? (0)

TheGavster (774657) | about a year ago | (#43042343)

It is unlikely that he will be able to get a T-Mobile signal in an area where addresses are apportioned by RIPE.

Re:proxy on an amazon ec2 instance? (1)

Anonymous Coward | about a year ago | (#43042511)

T-Mobile operates in multiple European countries (where RIPE manages the IP addresses), but I guess you mean T-Mobile USA.

Re:proxy on an amazon ec2 instance? (2, Informative)

MtHuurne (602934) | about a year ago | (#43043127)

T-Mobile is part of Deutsche Telekom: Germany is where they started from.

Bingo. (2)

RandyOo (61821) | about a year ago | (#43043919)

My provider actually is T-Mobile Germany, and surprisingly, they don't plan to deploy IPv6 until next year!

Cheap Linux VPS and a VPN to home (5, Informative)

toygeek (473120) | about a year ago | (#43041649)

A cheap Linux based VPS (Virtual Private Server) will do what you want. You can set up a VPN connection between your home server and the VPS, and then connect to the VPS on its public IP and have it route to your home. I haven't set up such a thing myself, and it will be a bit laggy, but it should works for what you need.

Re:Cheap Linux VPS and a VPN to home (0)

Anonymous Coward | about a year ago | (#43041757)

Amazon cloud services with an elastic IP address supports ipv6

Re:Cheap Linux VPS and a VPN to home (2)

don.g (6394) | about a year ago | (#43041853)

Yes but EC2 costs way more than a cheapo VPS of the type advertised on lowendbox.com

Re:Cheap Linux VPS and a VPN to home (4, Informative)

Deekin_Scalesinger (755062) | about a year ago | (#43042115)

He can get a free year of EC2 hosting. Windowz and Linux both. Amazon may be a Big Corporation but this ain't bad [amazon.com]

Re:Cheap Linux VPS and a VPN to home (4, Informative)

sortius_nod (1080919) | about a year ago | (#43042561)

Not only that, you can just keep signing up for free tier every year. I've done it myself, & all I needed to do was transfer configs to my local machine, close down my AWS account, open a new one, upload, off I go again.

It may only be a year, but they don't check names, credit card details, or address, just email address.

Re:Cheap Linux VPS and a VPN to home (0)

Anonymous Coward | about a year ago | (#43043431)

I'm not sure if that's ethical, but whattheheck.

Re:Cheap Linux VPS and a VPN to home (2)

negge (1392513) | about a year ago | (#43043447)

I do something similir to this to access my work computer from anywhere. The company doesn't provide VPN access so I've connected my work PC to my home network via VPN. In turn I can access my home network via the same VPN (just different credentials). The only downside is that if my work computer is rebooted I have to be there to initiate the VPN connection.

Toredo (1)

Mathieu Lutfy (69) | about a year ago | (#43041657)

Have you tried Toredo? (apt-get install miredo)

It goes through relays, so you will probably want to only use it for small transfers. Alternatively, you can use a Linode VPS, which have IPv6 enabled by default, so you can configure an ipsec tunnel or equivalent from there.

Re:Toredo (0)

unixisc (2429386) | about a year ago | (#43043603)

Except that that one uses UDP instead of TCP, so wouldn't dropped packets be a big deal there?

Re:Toredo (3, Informative)

DarkOx (621550) | about a year ago | (#43043805)

No very much the opposite actually. Remember you are tcp or Udp inside the tunnel as well. For the inner Udp a lost packet is simply a lost packet like any other, the application will have been designed to handle that because its the nature of Udp. For tcp a lost tunnel packet will result in the inner tcp seeing a lost packet, there will be no ack and it will do what tcp always does a retransmit, the outer tunnel layer will encapsulate it in a new Udp packet and things will work fine.

Often tcp tunneled in tcp performs badly on lossy links. What happens if the stacks have not worked out the window sizes just right you get BOTH the inner and otter tcp doing a retransmit. This results in the inner tcp ultimately experiencing lots of duplicate packets; which it will handle, but you end up sending lots of useless traffic down the tunnel which is just like more overhead.

You can always get to IPV6 on the out (3, Interesting)

SpazmodeusG (1334705) | about a year ago | (#43041697)

Every system I've seen has some form of IPV6 tunneling that allows you to call out to an IPV6 server. The only time it fails is if you're trying to host an IPV6 server which will fail due to NAT but connecting to an IPV6 always works. The fact that you've got an IPV6 server means you're set. Run Teredo/Miredo on your clients and connect away.

Go setup teredo/miredo and connect away.

Re:You can always get to IPV6 on the out (3, Informative)

JimboJoe (1518093) | about a year ago | (#43042937)

I would definitely try Teredo first, though it does depend on the NAT design used by your ISP (you want remote IPv4 hosts to repeatedly see the same source address after repeated connections -- if the reported address changes, Teredo won't work for you).

The protocol doesn't require explicit ISP support, though NAT design can certainly break it and ISPs can filter it if they choose. When it works, the net effect is that any two hosts running Teredo clients can connect to each other via their client's IPv6 addresses, even if an IPv4 network sits between them.

Under the hood, it tunnels on top of NAT'd UDP over IPv4, using a 3rd party public IPv4 server to mediate the connection start-up (needed for NAT busting [wikipedia.org]) -- but all of that is transparently handled by the Teredo client, so using it seems exactly the same as connecting to any other IPv6 host. There's a small privacy aspect present since that other server sees your source and destination trying to start a connection, but all the real traffic is direct, peer-to-peer.

Since the effect is to allow connections despite a NAT, you should make sure you are suitably firewalled, patched up, hardened, etc. Some teredo clients may also require you to explicitly enable in-bound connections on the interface.

HE.net? (4, Informative)

alexandre (53) | about a year ago | (#43041699)

Take a look at Hurricane Electric, they offer free tunnel, dns hosting, etc.
Oh, and an awesome IPv6 training program for which you can get a t-shirt if you finish it! ;)
You can be up and running on an IPv6 tunnel from anywhere in 30 seconds!

Re:HE.net? (2)

FridayBob (619244) | about a year ago | (#43041789)

Take a look at Hurricane Electric, they offer free tunnel, dns hosting, etc. Oh, and an awesome IPv6 training program for which you can get a t-shirt if you finish it! ;) You can be up and running on an IPv6 tunnel from anywhere in 30 seconds!

You misunderstand: the only native IP addresses he has are IPv6. For IPv4 he only has one or more RFC1918 addresses (private range addresses behind a carrier-grade NAT). AFAIK Hurricane Electric only offers IPv6 addresses tunneled over IPv4. What he wants is the opposite: a public IPv4 address tunneled over IPv6. If there are not currently any services available that offer this, I'm sure there will be soon, but I doubt they will come free of charge.

Re:HE.net? (4, Informative)

gman003 (1693318) | about a year ago | (#43042005)

You aren't looking at the full picture.

What he needs is a way to connect to his (IPv6) home computers, from presumably-IPv4 remote locations. There are two ways he could do this - by finding a way to use IPv4 on his home machines, or by finding a way to use IPv6 on the remote connections. Tunneling IPv6 over IPv4 would work on the remote side, just as tunneling IPv4 over IPv6 would work on the home side.

Re:HE.net? (1)

rs79 (71822) | about a year ago | (#43042463)

Twenty years. You had one job to do ietf, and this is what it's come to? Nobody's quite sure how to make stuff work on the other network?

Slow clap.
(shakes head)

Re:HE.net? (2)

marka63 (1237718) | about a year ago | (#43042701)

Which is basically down to lack of experience rather than actual gaps in protocol coverage.

Most ISP's are only now starting to ask "how do I do this". They should have been asking this question 7 to 8 years, if not longer, ago.

Re:HE.net? (1)

unixisc (2429386) | about a year ago | (#43043627)

Tunneling IPv4 over IPv6 is a part of DS-lite, but there, his home router would have to have RFC1918 addresses internally, and IPv6 externally, and encapsulate the former in the latter. But I'm not sure that that'll work w/ a server, since NAT is out of the question. His only way would be to tunnel his IPv4 connection in IPv6 over to his home network, where he can access whatever he wants.

Re:HE.net? (1)

IAN (30) | about a year ago | (#43043391)

Take a look at Hurricane Electric, they offer free tunnel, dns hosting, etc. [...] You can be up and running on an IPv6 tunnel from anywhere in 30 seconds!

Hurricane Electric is great, but note this item in their FAQ:

I've tried to create a tunnel but did not succeed. Is there a basic guideline on how to set up a tunnel?


*Two important notes:

  1. Your IPv4 endpoint address must be reachable via ICMP (Internet Control Message Protocol).
  2. If you are using a NAT (Network Address Translation) appliance, please make sure it allows and forwards protocol 41.

That's protocol 41, not port, and support for any non-garden-variety protocol in the cheaper routers/APs is notably spotty. Who knows what POS you're going to end behind at your next hotel?

IPv6 Tunnel Broker (2)

strange_tractor (414986) | about a year ago | (#43041721)

Like tunnelbroker.net or broker.aarnet.edu.au

then gogoc (or similar) to connect you to the IPv6 tunnel when on the greater internet, then ssh to your ipv6 address

Really this is an ask slashdot now? (-1)

Anonymous Coward | about a year ago | (#43041731)

Reverse ssh.

AirVPN (1)

Wonko the Sane (25252) | about a year ago | (#43041803)

I'd be willing to pay a small monthly fee for, say, a VPN service that would allow me to accept incoming connection requests on a range of ports on their Internet-facing IPv4 address. Does such a service exist?

I believe AirVPN allows you to map up to 20 ports.

Reverse SSH Tunnel (5, Informative)

Ingenium13 (162116) | about a year ago | (#43041811)

As one other comment suggested, get a cheap VPS and setup a VPN so that you can connect to your network. DigitalOcean has one for $5/month (I'm in no way affiliated) https://www.digitalocean.com/ [digitalocean.com] and you can then have your router connect to the VPN. Setup the routes correctly and any VPN user can access every device at home.

However you won't always want to load up the VPN on your phone, and if there's just 1 computer you want to access you can use a VPS with a remote SSH tunnel. Have the computer on your network connect to the VPS and forward some high numbered port, say 4222, to port 22: ssh -R 4222:localhost:22 user@vps. Then you can ssh into your VPS on port 4222 and it will go directly to your home computer. Just made sure you add "GatewayPorts yes" to /etc/ssh/sshd_config or the remote port will only bind to localhost.

Couple this with autossh and the home computer will always keep the connection open and re-establish it as necessary.

Sure, there's a little overhead, but I've never really noticed it. I use this trick so that my phone and tablet can always ssh into my laptop no matter where the laptop is (home network, friend's house, coffee shop, etc)... no need to find the IP address and worry about port forwarding.

Re:Reverse SSH Tunnel (1)

Deekin_Scalesinger (755062) | about a year ago | (#43042147)

I am not affiliated with Digital Ocean either, but a pal of mine told me about it a few months ago - very nice responsive support and decent prices.

Re:Reverse SSH Tunnel (1)

jampola (1994582) | about a year ago | (#43042225)

I second this. Reverse SSH would work a treat. It sucks to have the extra hop but it will do until your phone carrier decides to move with the times and allow IPv6.

Any VPS provider with dual-stack (2)

mysidia (191772) | about a year ago | (#43041827)

SSH into the Virtual private server, then SSH from the virtual private server to your LAN's IPv6 address

For VNC, open SSH back to your remote computer from inside your LAN in remote tunnel mode, using the -R option, to tunnel the port to the local VNC at the remote end, then connect to that local port on your local computer with VNC for remote access to your home.

GROW UP and use IPv6!!! (-1)

Anonymous Coward | about a year ago | (#43041847)

Sorry, your rant sound like the guys that used Novell and pushed back on TCP/IPv4, so many years ago. GET OVER IT!

Go get your he.net certification for IPv6, configure your internal systems to IPv6 and enjoy the ability to have a /64 (1.84467440737096 E19) addresses at home.

One recommendation, configure your DHCPv6 and don't use an easily guessable IP address. Also configure all of your system to use "privacy addresses", allowing you to use a random outbound initiated address (patches, updates, malware signatures, web browsing, etc). This removes the "internet scanning" community from finding your devices.

Re:GROW UP and use IPv6!!! (1)

Anonymous Coward | about a year ago | (#43041985)

You are an idiot. His problem is that he has to connect from networks which are not under his control and which (currently) only provide IPv4. This is not the submitters fault.

Re:GROW UP and use IPv6!!! (0)

Anonymous Coward | about a year ago | (#43041993)

Did you even read the question all the way through? The guy doesn't have any problem with IPv6 itself. He wants to connect to his network on the go from his cellphone(probably tethers from the way it's worded). His cell's connection is some v4 NAT that won't even connect to a v6 address. He's looking for a solution.that doesn't involve convincing his cell provider to overhaul it's entire system.

IPv6 is right - plus some DS-lite or tunneling (2)

unixisc (2429386) | about a year ago | (#43043485)

While the title may have been less in your face, why is this modded down? AC is right - with IPv6, he has no shortage of addresses, so he could configure a DHCP6 server and set it up that way.

It would have helped if this was dual stacked, but since it isn't, one thing he should consider is asking his cell phone carrier whether they do IPv6, and getting that end IPv6 supported. Another option might be to set up a DS-lite configuration for services needing IPv4. That way, he uses his IPv4 cellphone to access those services, while providing them seamlessly from IPv6. Or else tunnel the requests from the IPv4 end.

Here is what I do (2)

ls671 (1122017) | about a year ago | (#43041949)

For me, the cheapest way to go was to have the machine behind NAT automatically connect to a second server and bring up an IP tunnel through pppd-ssh.

The second server has a public IP and I connect to it when I want to access the machine behind NAT. You can also do port redirection on the public IP server so you can log directly into your home computer with the public IP.

Port block allocation & PCP (3, Informative)

funkboy (71672) | about a year ago | (#43041971)

Your ISP should at least be giving you a block of static ports on a static public IPv4 address so that you can just map them on your home router afterwards. It's called "port block allocation". See this slide deck [menog.org] for more details.

Port control protocol [potaroo.net] is also very close to being reality [cisco.com]. It's a bit like a combination of UPnP and DHCP that allows static IPv4 ports to be requested by and allocated to an end user like IP addresses are now.

You should pester your ISP about these two services monthly until they have a satisfactory response for you. Frankly it's irresponsible on their part if they don't have a FAQ explaining this stuff and a policy for helping customers deal with these things. To do otherwise is demeaning to their customers.

Re:Port block allocation & PCP (1)

White Flame (1074973) | about a year ago | (#43042653)

Frankly it's irresponsible on their part if they don't have a FAQ explaining this stuff and a policy for helping customers deal with these things. To do otherwise is demeaning to their customers.

Most ISP's TOSes for home users technically disallow listening to incoming ports from the internet or any "server-like" behavior. While it really isn't enforced when your modem has a world-reachable IPv4 address, I don't think they'll be very helpful if their architecture simply doesn't allow this anymore. Heck, it might have been a desired feature of their rollout.

Re:Port block allocation & PCP (1)

v1 (525388) | about a year ago | (#43042731)

Most ISP's TOSes for home users technically disallow listening to incoming ports from the internet or any "server-like" behavior.

Not from my experience. And I've had around a dozen ISPs over the years. And I have two at the moment.

The ONLY snag I've ran into in the past is having a mailserver listening on port 25, for obvious reasons. One phonecall and that block went away. I've heard of others having issues with outgoing connections on 110 for much the same reason, but traffic levels are low on my server so it's never set off anything. ymmv.

There's really no reason for them to limit you nowadays. Their upstream caps do the job for them.

Re:Port block allocation & PCP (1)

thegarbz (1787294) | about a year ago | (#43042869)

Most ISP's TOSes for home users technically disallow listening to incoming ports from the internet or any "server-like" behavior.

No. Some crap ISP's do. The vast majority of ISPs in the world let you do whatever the hell you want providing you don't dare consider using the bandwidth you paid for.

Re:Port block allocation & PCP (3, Interesting)

thegarbz (1787294) | about a year ago | (#43042861)

Port control protocol [potaroo.net] is also very close to being reality [cisco.com]. It's a bit like a combination of UPnP and DHCP that allows static IPv4 ports to be requested by and allocated to an end user like IP addresses are now.

Humans' ability to create complex and convoluted workarounds for problems that have been foreseen for 20 years and have had a solution for equally as long simply waiting for a bit of investment in infrastructure amazes me. If people spent even half the amount of effort in implementing IPv6 as they do finding assbackwards workarounds to easily solvable problems then the world would be a much better place.

Re:Port block allocation & PCP (0)

Anonymous Coward | about a year ago | (#43043361)


Comment of the year. Seriously.

This annoys me to no end, every time I see it. Fuckin' stupid lazy morons! So incredibly lazy, they'll work more, just to work a bit "less". Aka conservatives.

Only exist as AAAA in DNS (0)

manu0601 (2221348) | about a year ago | (#43041999)

Only setup AAAA records in DNS, instead of A records, that way your server will only be reached through IPv6.

Re:Only exist as AAAA in DNS (1)

DigiShaman (671371) | about a year ago | (#43042193)

If his IPv6 is dynamic, he will want to look into DynDNS like service. For $30 a year, they offer "Dyn Standard DNS" service which will support AAAA records.

Problem is, there are still many ISPs out there that don't support IPv6 yet. And even as are coming online, the client most likely doesn't have an IPv6 router yet. There are many broken segments that need to be brought up to spec before we can start enjoying a reliable end-to-end IPv6 network. It will happen, but honestly, not for another few years at best. Say, four years at the most from now (pulling educated guess out of thin air).

Re:Only exist as AAAA in DNS (1)

Skapare (16644) | about a year ago | (#43042429)

No need for v6 to be dynamic. There's plenty of addresses.

Re:Only exist as AAAA in DNS (1)

DigiShaman (671371) | about a year ago | (#43042595)

Agreed. Though there's nothing stopping your local ISP from maintaining a two tier agreement where having a static IP is still only for business class users.

Re:Only exist as AAAA in DNS (0)

Anonymous Coward | about a year ago | (#43043109)

Except maybe for the register that gave them IPv6 addresses. I believe RIPE has in their agreement with providers that always-on customers must receive a /48 block. Only dial-in customers may receive dynamically allocated IPv6 addresses.

Tunnel directly (2)

phizi0n (1237812) | about a year ago | (#43042139)

Don't bother with any 3rd parties like most suggestions are advising. OpenVPN supports tunneling IPv4 and IPv6 over either of them. You can use a laptop or anything else that supports IPv6 to connect to your server at home over IPv6 via a bridged tap tunnel interface and then anything you connect to the laptop via layer 2 will be able to communicate with your home over IPv4.

That does not make sense. (0)

Anonymous Coward | about a year ago | (#43043401)

That does not make sense. Per OP, he/she is outside IPv6 and is on IPv4. OpenVPN cannot provide the described "magic" tunnel unless there is a way to map the target server's IPv6 via IPv4. That requires the carrier to do the mapping (such as port mapping as already described).

Lots of options (1)

Skapare (16644) | about a year ago | (#43042409)


  • A cloud instance
  • Virtual private server
  • A real dedicated server
  • A shell account on a friend's server (for ssh tunnels).

Then do:

  • ssh -F and -R tunnels cross connected.
  • tun2socks (part of badvpn package)to make TCP connections through socks to ssh -D
  • OpenVPN
  • IPsec tunnel mode (in some cases you can do transport mode, too).

Use Pagekite (1)

Rodrigo Hausen (2853939) | about a year ago | (#43042415)

http://pagekite.net/ [pagekite.net] Their open-source client is super easy to setup. You get 1 month free, after that the service is only $18 for 6 months. I've installed Pagekite's client even on machines behind corporate firewalls, and never had any problems whatsoever. I'm not affiliated to them in any way; just a satisfied customer.

Dynamic DNS? (0)

Anonymous Coward | about a year ago | (#43042427)

It's always been enough for me to have a dyndns.org domain that is automatically updated to whatever IP the ISP gives me. It's free for all I need it for.

One interesting alternative (1)

Burz (138833) | about a year ago | (#43042485)

Just dump the IP addresses entirely for your applications. Anonymizing networks like Tor and I2P do this automatically, switching the 'address' to a node identification key. If your node has the key, then any other node looking for that key will find you, no matter what your current IP address is. The key validates 'who' your systems are, so the IP address or domain doesn't even matter.

Tor cannot do this as seamlessly as I2P for a couple or reasons:

1) Tor is really only designed for browsing and doesn't handle non-TCP, non-HTTP protocols well. I2P supports UDP as well as TCP, and has the topology for larger, non-Web page data flows.

2) You can easily set the number of hops in I2P... all the way down to zero. This actually makes the (usually slower & anonymized) I2P connection faster than some of the above mentioned solutions involving the expense of a relay system (which is 1-hop, and assuming SSH gets balky more often due to the way TCP deals with latency)... (I think with Tor, you are forced to go through their anonymizing relays).

The down side is that -- although I2P handles IP sockets -- its not the same thing, so you need to take a couple steps to make SSH or other programs utilize it (similar to using torify as a wrapper). Also, the only mobile platform I2P runs on is Android. And remember that using I2P like this bestows no anonymity on your SSH connection (although that limit would not extend to other apps you use with I2P, as long as you don't also configure them to use 0 hops-- the default is 3 hops).

Carrier grade NAT (1)

Vittorio Alfieri (2822707) | about a year ago | (#43042559)

CGN or as I like to call it Internet-Cancer, SUCKS! There is no way to "call-in". The only way to access your hardware is through 3rd party services such as Teamviewer(which I highly recommend) or LogMeIn. This however isn't you logging in to your stuff, you meet by a proxy that is a Teamviewer server, and then establish a direct connection. Teamviewer also has some plugins which let you establish a VPN to the network that the Teamviewer server is connected to. Another solution is to have a Cisco router connected to the CGN'd internet connection, and have the router automatically VPN (I personally use Cisco's DMVPN technology ) to another internet connection that you DO have access to. An example would be an employee's router that VPNs to HQ. If they VPN'd properly establishes the connection to HQ the IT guys can then SSH,FTP or whatever into the employee's house. They are not connecting directly, but through the VPN from HQ. With some sneaky NATting and routing you can achieve an effect that is very similar to having direct access from the internet to the inside a CGN'd network.

Virtual Private Server (0)

Anonymous Coward | about a year ago | (#43042671)

Running home servers for non-LAN use is usually a waste of money. If your hardware needs are not huge, just get a super cheap VPS from a location that is suitable for you.

http://www.lowendbox.com/ lists about a gazillion super cheap VPS providers all over the world and has new special offers all the time.

X4B Reverse Proxy (0)

Anonymous Coward | about a year ago | (#43042703)

I think https://X4B.org could do something like this.
I know they offer IPv6 gateways for IPv4 hosts.

Re:X4B Reverse Proxy (0)

Anonymous Coward | about a year ago | (#43043415)

I think https://X4B.org could do something like this.
I know they offer IPv6 gateways for IPv4 hosts.

Your link is incorrect: http://x4b.org/ its http:// not https://

I checked with their support they do support it on select nodes (Sweden and US nodes on request) although as its not something they normally do it hasnt been explicitly tested and that if issues are encountered you should contact them.

Why not just use tunneled IPv6? (2)

Zarhan (415465) | about a year ago | (#43042801)

Teredo(IPv6 over UDP) is easy to set up - if your Windows is Vista or later, it works automatically. For Linux it depends on the distro. If you happen to be in a non-NATted environment for once, 6to4 works great too.

So just enjoy the IPv6.

If you have devices at home that don't support IPv6, you can set up a NAT64 within your home network.

Why is mobile data not on IPv6? (2)

wvmarle (1070040) | about a year ago | (#43043319)

Serious question, no interest in flamebait or trolls. Why is mobile not on IPv6?

It's a place where I would expect it. Quick turnaround of devices, new networks all the time. It made sense for 2G and GRPS to be IPv4 at the time. But 3G and even 4G apparently are still using IPv4.

It's hard to believe the phones are not up to the task. It's all in the software, not too hard to require v6 on 3G and later, Older devices that are v4 only can't use 3G networks anyway. Users don't need to know their IP address, ever. This are devices, and there is a huge number of it, exactly what v6 was meant to support. Carriers have full control over their networks, start to finish, so that part of switching to v6 is also not an issue. They of course have to provide a gateway to access v4-only web sites, but that shouldn't be too much harder than maintaining a NAT like they have to do now to keep everyone on v4.

Honestly, I just don't get it.

It's such a stark contrast with that fibre provider that is basically IPv6, while providing a v4 compatibility layer for older devices that still need it.

Re:Why is mobile data not on IPv6? (1)

Guspaz (556486) | about a year ago | (#43043479)

My understanding is that mobile devices are one of the few places that IPv6 actually IS seeing any significant deployment...

Re:Why is mobile data not on IPv6? (1)

wvmarle (1070040) | about a year ago | (#43043499)

That's what I would totally expect. Yet submitter mentions he can get only v4 on mobile data (and with the expectation of using it to log in to a home server I would expect it's at least 3G that he uses).

Re:Why is mobile data not on IPv6? (2)

unixisc (2429386) | about a year ago | (#43043721)

Actually, LTE deprecates IPv4 and mandates IPv6, so 4G is very much IPv6 only. He is probably using a 2G or 3G carrier, where such a mandate doesn't exist.

Try Logmein (1)

kenneth_hk_wong (442341) | about a year ago | (#43043429)

I've been using logmein for many years now. It's free and it just works. I'm living in China now, and my pc's at home are behind a DD-WRT router running OpenVPN with a dynamic (not-fixed) US IP address. Even when the VPN drops out, and everything ends up on a Chinese IP address, it still works. There is even an android client that works from my single core 7" lenovo tablet with China Unicom 3G service. Amazingly, it j u s t w o r k s.

Pi Hosting (1)

ArsenneLupin (766289) | about a year ago | (#43043669)

Set up a server somewhere with an IPv4 address, and then, on your home machine, set up a script that ssh's into it and establishes a reverse tunnel:
ssh -R 2022:localhost:22 -oGatewayPorts=yes mypi.edis.at
You can call this script from /etc/inittab, so that it is relaunched automatically should the connection die.

Then, when on the road, to connect to your home network, just do ssh -p 2022 mypi.edis.at on your phone.

A suitable server may be a raspberry pi hosted for free at Edis, Austria [www.edis.at]. Just send them your pi, and they'll host it for free.

Freeish (1)

VzXzV (755541) | about a year ago | (#43043713)

Another option is checking with a friend. A group of us rent a server running Arch Linux but any distro will do. This lets us host some websites, mumble, virtual machines, do ssh tunneling to get by work firewalls or get free internet at hotels, private file sharing and proxying/tunneling like you're wanting. If you have a friend like this and his server hoster hasn't given him ipv6 get him to ask and they will probably give him more than he could ever use like ours did. Then he can set up what ever method you want.

We got a decent server for $50 a month split 4 ways.

sixxs.net & Goscomb (1)

Anonymice (1400397) | about a year ago | (#43043909)

Check out sixxs.net [sixxs.net] for a decent tunnel broker. They're also a good starting point to find ISPs who can provide native IPv6 routing (those same ISPs would also be likely to be have the infrastructure in place to provide the standard services you require).

If you're UK based, Goscomb [goscomb.net] are v6 native, provide static addressing (free & by default) & FTTC, don't perform any traffic shaping & offer 30-day rolling contracts.
Their caps are a little low for me, but it's a good service & I get what I pay for.

I've dealt with this, two possible solutions. (1)

GNUALMAFUERTE (697061) | about a year ago | (#43044053)

You can either get a VPS that supports IPv6, and log in from there ... another solution that works fairly well.

You use a reverse tunnel, created on demand based on an HTTP request. Here's what you do:
Run a script on your machine that checks yourpage.com/sshtunnel, if it gets, say, NO_TUNNEL, it does nothing (or even better, make that a script and return 404 or some other header to signify FALSE). If, instead, it gets a json or csv, or whatever else you want (I used JSON) with an IP address, a port, and which username it should use, your machine will create a tunnel to that destination. Like this: ssh -f -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -nNT -R {remote_port}: {remote_user}@{remote_host}. So, if where you can expose a port on your laptop, you just fill out a form on your website, and when your machine next checks /sshtunnel it gets served your current data, and your machines connects to wherever you are. All you have to do now is ssh user@localhost -p {remote_port}.

If wherever you are, you don't have access to port forwarding, you can have a cheap VPS (there are many available for as low as 5 bucks a month), and have your machine connect there, this will increase your latency, but it'll be barely noticeable if you choose your VPS location wisely (i.e as close to your home as possible).

The userknownhostfile and stricthostkeychecking disabling are required since you will be using key authentication against a machine that moves around all the time.

Load More Comments
Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Sign up for Slashdot Newsletters
Create a Slashdot Account