EDIT: Quoting @Kid_Thunder@kbin.social from elsewhere in the thread because they summed it up beautifully:
NAT is not security.
NAT is a stop-gap measure because there aren't enough IPv4 addresses that exist in the world. NAT was created so multiple Local Area Networks all over the world could use the same IP numbers and not end up with IP conflicts.
Way way way back in the early days of the internet, there were no LAN IPs and WAN IPs. You had your Wide Area Network (Internet) IP and that was it. Prior to NAT all devices were directly accessible via their WAN IP on the whole ass internet.
To give you an idea, IPv4 came out in 1980 and it wasn't until May of 1994 that the first RFC on NAT was published.
IPv6 is a full replacement for IPv4 that has not been fully adopted despite being around for 20 years or so. It has something like 16 undecillion (I don't recall, it's a fucking massive number) existing IP numbers, so it could take a few generations for it to run out of address space.
The thing is, it's come full circle and IPv6 now is the same as IPv4 used to be and you can access a "local" IP directly from the wider internet and Network Address Translation is not needed in the routing setup at all. (I believe it's called a Global Unicast Address, but it's been a minute, so don't quote me on that)
I reiterate NAT was never meant as a real security measure as it is simply Security Through Obscurity at best.
Further, it's not even that obscure: NAT is often misconfigured, meaning internal IPs and ports leak to the wider internet regularly.
Obligatory South Park Ski Instructor:
https://en.wikipedia.org/wiki/Network_address_translation
https://en.wikipedia.org/wiki/Internet_Protocol_version_4
https://en.wikipedia.org/wiki/Internet_Protocol_version_4#Address_space_exhaustion
https://en.wikipedia.org/wiki/IPv6_address
https://en.wikipedia.org/wiki/IPv6_address#Unicast_addresses
I think this is a bit too strong. The bit about NAT that people associate with improved security is that it acts as a stateful firewall. This basically means that it allows outbound connections, not inbound connections.
Preventing inbound connections does provide a meaningful reduction in attack surface. No longer is every vulnerability scan on the internet going to probe your machine, and it is going to be much harder for a remote attacker to get access.
However there are two main flaws: