
They should be giving you at least a /64 if not a /60. That way, you can have multiple subnets that are publicly addressable. The ISP should be informed they're out of best practice/RFC.

And while I get your "double" theme, most of them are non-points. Header size? Use adblock. Routes? Oh no, a residential router will now have four instead of two!

Yes, it's another addressing scheme and I agree, the benefits for many people's usage are low. But it isn't so bad.



> I want to have multiple publicly addressable subnets in my home LAN

...is something nobody in the history of home LANs has ever said.


Because they don't know the words. It's not uncommon for people to want to do things that would be best done with a separate subnet though.

For example, VPNing in from your phone or making a separate isolated network for untrusted IoT devices.


being publicly addressable != being publicly accessible

I work in network security. I know what words I'm using.


You want your network of untrusted IoT devices to be publicly accessible??

(Probably not.)


Indeed not. That's not what I said.

I don't even want them talking out to the internet by default, which is why I have a separate subnet with a different set of firewall rules that only allows whitelisted outbound connections.


NAT is a "constrained resource" solution that cosplays as a security solution. Firewalls and ACLs are meant for governing traffic, not NAT.


My home LAN setup has exactly that, and I even switched ISPs to get it.

My old ISP only gave me a /64 which is completely useless if you want to create subnets. The new one gave me a static /48.
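An added example, not part of the thread: the prefix sizes discussed above (/64, /60, /48) carved into per-segment /64 subnets, with a lookup that maps an address back to its segment so per-subnet firewall policy can be keyed on it. The prefixes come from the 2001:db8::/32 documentation range and the segment names are constructed; the function names are this example's own.

```python
import ipaddress

def capacity(delegated: str) -> int:
    """Number of /64 links that fit in a delegated prefix (0 if longer than /64)."""
    net = ipaddress.IPv6Network(delegated)
    return 2 ** (64 - net.prefixlen) if net.prefixlen <= 64 else 0

def plan_segments(delegated: str, segments: list[str]) -> dict:
    """Give each named LAN segment its own /64 out of the delegated prefix."""
    net = ipaddress.IPv6Network(delegated)
    if len(segments) > capacity(delegated):
        raise ValueError(
            f"{net} holds {capacity(delegated)} /64 subnet(s), "
            f"{len(segments)} requested"
        )
    subnets = net.subnets(new_prefix=64)  # lazy, so a /48 is cheap to walk
    return {name: next(subnets) for name in segments}

def classify(addr: str, plan: dict):
    """Return the segment an address belongs to, or None if it is outside the plan."""
    ip = ipaddress.IPv6Address(addr)
    for name, subnet in plan.items():
        if ip in subnet:
            return name
    return None

if __name__ == "__main__":
    # Constructed prefixes from the 2001:db8::/32 documentation range.
    for prefix in ("2001:db8:abcd:1::/64", "2001:db8:abcd:10::/60", "2001:db8:abcd::/48"):
        print(prefix, "->", capacity(prefix), "x /64")
    plan = plan_segments("2001:db8:abcd:10::/60", ["lan", "iot", "vpn"])
    for name, subnet in plan.items():
        print(f"{name:4} {subnet}")
    print(classify("2001:db8:abcd:11::42", plan))  # iot
```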



