Auf YouTube findest du die angesagtesten Videos und Tracks. Außerdem kannst du eigene Inhalte hochladen und mit Freunden oder gleich der ganzen Welt teilen.
I’m not sure i understand. If the traffic needs to be generated from the lan, does that mean that when i’m away from home the server needs to regularly try to ping my device so that my device can send it traffic?
That would be one way, but your phone would drop the unsolicited traffic.
This is why people recommend using a VPN when away from your home for anything self hosted. Your VPN connection will bring you into the trusted LAN so you can talk unsolicited.
Basically, with stateful firewalls traffic is disallowed by default unless the thing in the LAN is the one that initiates it. You add exceptions to say oncoming traffic is allowed on certain ports to certain devices.
The only difference v.s. port forwarding & NAT is that you can refer to different devices explicitly off of the LAN, meaning you could host two ssh instances, both on port 22, and have your firewall allow traffic through to both. You can then ssh outside the LAN on port 22 to either device. With port forwarding and NAT, since you only have 1 IP that isn’t possible.
The convenience factor is you can say things like, both services run on port 443 and host a web server. Both services get their own IP you can refer too off of the LAN, and you just add an exception to the firewall to let incoming traffic through on those ports on either IP. No finnicking around with reverse proxies pointing to different hosts needed.
I’m not sure i understand. If the traffic needs to be generated from the lan, does that mean that when i’m away from home the server needs to regularly try to ping my device so that my device can send it traffic?
That would be one way, but your phone would drop the unsolicited traffic.
This is why people recommend using a VPN when away from your home for anything self hosted. Your VPN connection will bring you into the trusted LAN so you can talk unsolicited.
Much like how you need to setup port forwarding for your servers back in the IPv4 days, you need to setup firewall rules for IPv6 servers.
“If a packet is arriving in server IP:Port, simply accept it”
Basically, with stateful firewalls traffic is disallowed by default unless the thing in the LAN is the one that initiates it. You add exceptions to say oncoming traffic is allowed on certain ports to certain devices.
The only difference v.s. port forwarding & NAT is that you can refer to different devices explicitly off of the LAN, meaning you could host two ssh instances, both on port 22, and have your firewall allow traffic through to both. You can then ssh outside the LAN on port 22 to either device. With port forwarding and NAT, since you only have 1 IP that isn’t possible.
The convenience factor is you can say things like, both services run on port 443 and host a web server. Both services get their own IP you can refer too off of the LAN, and you just add an exception to the firewall to let incoming traffic through on those ports on either IP. No finnicking around with reverse proxies pointing to different hosts needed.