Doesn’t matter who makes the software, as long as it’s open sourced and audited.

Just because you can doesn’t mean anyone does. I’ve never seen an ISP hand out “private” IPv6 addresses. Ever.

If you’re doing NAT on IPv6, you’re doing it wrong and stupid. Plain and simple.

Network Prefix Translation isn’t the same thing. That’s used for things like MultiWAN so that your IPv6 subnet from another WAN during a failover event can still communicate by chopping off the first half and replacing the subnet with the one from the secondary WAN. It is not NAT like in IPv4 and doesn’t have all of the pitfalls and gotchas. You still have direct communications without the need for things like port forwarding or 1:1 NAT translations.

I’m a Network Engineer of over a decade and a half. I live and breath this shit. Lol.

CGNAT only applies to IPv4. You cannot NAT IPv6 effectively. It’s not designed to be NATed. While there IS provisions for private IPv6 addressing, nobody actually does it because it’s pointless.

It’s why IPv6 is important, but many didn’t listen.

Yes, but OP mentioned nothing about Cloudflare.

Sweet. Both OPNSense and pfSense firewalls have the ability to tie into MaxMind’s GeoIP service. Not sure what your perimeter device is, but it’s pretty easy on those. And free.

Best solution is a VPN to your home network.

However, if you want to host it publicly, at least restrict access to it via GeoIP. For example, if you live in Europe and only need access from there, only allow the areas in Europe you travel to and block everything else. This will greatly reduce your attack surface.

Also, make sure everything is patched. Always. And implement something like fail2ban to deny repeated failed logins, along with a reverse proxy.

pfSense = Firewall and router system based on FreeBSD. Has both open source and commercial versions. Built for SMB to Enterprise uses. Extremely powerful with all of the bells and whistles you’d expect from a professional firewall product.

OPNSense = Basically pfSense with a different UI. It’s a fork of pfSense. Much of the same capability, but is built by a smaller company.

OpenWRT = Replacement firmware for embedded devices (as well as x86). It’s open source WiFi router firmware that runs on tens of thousands of devices. Many vendors will even base their custom firmware on OpenWRT and put a different skin on it (GL.iNet, for example).

If they’re providing IPv6 to you, port forwarding shouldn’t be necessary most of the time for online gaming.

Are they allowing UPnP upstream?

If you’re getting a /64 from your ISP via DHCPv6, you likely need to send a prefix hint. I’d guess /60. Then you’ll have multiple /64s to work with on your inside interfaces.

If you’re allocated DHCPv6-PD with a subnet, you don’t use a relay.

Prefix ID of 0x1 means “Use the first prefix available in the block as a /64 for the LAN”. Essentially your ISP probably gave you a /48, /56, or /60. The firewall is giving prefix IDs to all of the /64s you can fit inside of one of these and allocating them numbers 1 through whatever. Each LAN you have can have its own prefix ID. A /60 has 16 /64 networks that you can subnet it into.

If purchasing isn’t ownership, piracy isn’t stealing.

Host your own Wireguard endpoint on any cloud provider. They give you elastic IPs that you can create 1:1 NATs for your hosts. Maybe not quite as clean, but effectively the same thing.

The SATA controller on the motherboard. The thing you plug your SATA cable into.

Interesting. Does using the app in Chrome do the same thing? Might be worth a bug report, if you haven’t already.

I know, right? Pretty slick.

I stopped using an “app” for Lemmy. Now that m.lemmy.world has wefwef built in, the web app is perfect. Honestly better than most of the native apps out there.

I kind of get it. MinisForum and companies like it have sort of carried the torch of what the NUC started. I loved the NUCs, but this was kind of inevitable.