IPv6 just turned 30 and still hasn't taken over the world.
As usual, the Hacker News comments are full of utter idiots. More than half of the people there (mostly the ones praising IPv6) who speak authoritatively about networking know fuck-all about it. Which is the norm there.
Like this fucking clown talking about IPv4 and NAT. His claim that "the connection will just head right on through your router" is 100% false for a normal NAT gateway. Doesn't matter where the traffic originates as long as it's coming from a public IP. His comments are fully wrong. Packets arriving from the internet are addressed to the router's WAN IP. Without a DNAT/port-forward rule (or an existing NAT state entry that matches), the router does fucking not "route them onward" to some LAN host. There is no destination inside to route to because the destination is the router itself. This cannot, cannot happen. Idiot.
The comment about how "NAT only changes the source address" is also wrong. Typical residential NAT is always NAPT/PAT (address and port translation) and is stateful. That means it creates a mapping only when an inside host sends outbound traffic first and uses that mapping to translate inbound return traffic. Unmatched inbound traffic is dropped because it can't be translated. Period. Therefore, that makes NAT a very effective security measure for essentially free.
From the outside, you simply cannot open a new TCP connection to an arbitrary PC on a residential network behind a simple NAT without port forwarding or some other explicit/implicit mapping mechanism. Thus, Dagger2 is a clown idiot, as mentioned above.
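The stateful NAPT behaviour described above, modelled as a toy Python gateway (an added example, not part of the original post). The class and method names are hypothetical, the addresses are constructed documentation ranges, and matching return traffic on the full remote endpoint is an assumption about the gateway.

```python
# Added illustration: a toy stateful NAPT gateway. All addresses are constructed
# (RFC 5737 / RFC 1918 ranges); matching on the full tuple is an assumption.
from itertools import count

class NaptGateway:
    def __init__(self, wan_ip, first_port=40000):
        self.wan_ip = wan_ip
        self._ports = count(first_port)   # next free WAN-side source port
        self.out = {}       # (proto, lan_ip, lan_port, dst_ip, dst_port) -> wan_port
        self.state = {}     # (proto, wan_port, remote_ip, remote_port) -> (lan_ip, lan_port)
        self.forwards = {}  # (proto, wan_port) -> (lan_ip, lan_port), static DNAT rules

    def outbound(self, proto, lan_ip, lan_port, dst_ip, dst_port):
        """LAN host sends first: rewrite source address AND port, record state."""
        key = (proto, lan_ip, lan_port, dst_ip, dst_port)
        if key not in self.out:
            wan_port = next(self._ports)
            self.out[key] = wan_port
            self.state[(proto, wan_port, dst_ip, dst_port)] = (lan_ip, lan_port)
        return (self.wan_ip, self.out[key], dst_ip, dst_port)

    def inbound(self, proto, src_ip, src_port, dst_ip, dst_port):
        """Packet arriving on the WAN side. Returns the LAN destination or None (dropped)."""
        if dst_ip != self.wan_ip:
            return None  # this model only handles packets addressed to the WAN IP
        hit = self.state.get((proto, dst_port, src_ip, src_port))
        if hit:
            return hit                               # return traffic for an existing flow
        return self.forwards.get((proto, dst_port))  # static port-forward, else None

def demo():
    gw = NaptGateway("203.0.113.7")
    pc = ("192.168.1.20", 51515)
    results = {}
    # Unsolicited SYN to the WAN IP before any state exists: nothing to translate to.
    results["unsolicited"] = gw.inbound("tcp", "198.51.100.9", 4444, gw.wan_ip, 3389)
    # PC opens a connection out; the reply from that same remote endpoint matches.
    _, wan_port, *_ = gw.outbound("tcp", *pc, "198.51.100.80", 443)
    results["reply"] = gw.inbound("tcp", "198.51.100.80", 443, gw.wan_ip, wan_port)
    # A different remote host aiming at the mapped port does not match the state entry.
    results["other_host"] = gw.inbound("tcp", "198.51.100.9", 4444, gw.wan_ip, wan_port)
    # Explicit DNAT rule: new inbound connections to that port are now translated.
    gw.forwards[("tcp", 8443)] = ("192.168.1.20", 443)
    results["port_forward"] = gw.inbound("tcp", "198.51.100.9", 4444, gw.wan_ip, 8443)
    return results

if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:13} -> {verdict or 'DROP'}")
```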
Motherfuckers are always like, "NAT is not a firewall!" And never, ever, ever, understand how NAT actually works. Blows my mind.