You don’t need a static IP if you use a Dynamic DNS Provider. A dynamic IP will work as good as a static one, as long it is a puplic IPv4 address. No need to pay extra money to your ISP.
I gotcha. Yeah then you would need a VPN. Personally I’ve never had a provider that does that and I’ve used quite a few different ones over the years so that’s not the first thing that comes to mind.
In this thread we figured out that @marangkas18’s ISP doesn’t provide a public IP:
So, seems ISP wants an additional money to remove CGNAT…
You’re the only one who figured it out from this thread. Did the OP send you a DM with that info? Every time you asked him if the WAN IP matches the IP from yougetsignal he answers a different question or comes up with a new problem. I admire your patience…
4 Likes
Yes, I got a DM message with a screenshot of WAN IP. This is why I posted an explanation in that thread, but perhaps not clear enough. Updated, thank you!
However, there could be another missing information, for example @marangkas18 might contact ISP and they gave a dynamic public IP for free.
@marangkas18 is this the case? Or the only offer from them was a static public IP for additional fee?
1 Like
Folks, it is important to understand the difference between Dynamic and Static IP addresses. A IPv4 issued by the ISP may be dynamic or static and both work for Storj (normally is dynamic and that is fine, just use DDNS and all works). All you need is a Public IPv4 address not necessarily a static.
What happens often is that ISPs don’t have enough Public IPv4 addresses to issue to users and that is the current stats of most ISPs worldwide, so don’t blame your ISP if they don’t give you or charge for it. It is the normal scarce scenario. This is growing fast and there is not much that can be done about it regarding IPv4.
What many ISPs do now a days is to issue as well IPv6 addresses which are always public and could resolve this problem for Storj once of all, but this has been already brought up to Storj development and don’t seem too much interested in finding ways to make it work for Storagenodes. At least the responses were most “most people still use IPv4 and there are chalanges to make it work”. Of course there are !
Yes it is not a trivial task but there are solutions and for that to happen things need to be properly organized, to exist interest from the development people to make it happen, do all the necessary tests and find the correct balance to start working with IPv4 + IPv6 users and IPv6-only users. If nothing is started these answers will not be found ever.
1 Like
The extended version: our software is developed to support both IPv4 and IPv6, our S3-compatible Gateways already uses IPv6, if the customer can use it. Storagenode supports IPv6 as well. Our satellites can work with IPv6 too, but our satellites still uses IPv4 because of limitations of cloud provider, not because it’s our decision. When the customer uses a native integration, not GatewayMT, they contacts storagenodes directly, so both sides should support IPv4 and IPv6, so if the customer doesn’t support IPv6, it cannot connect to IPv6-only storagenodes.
Most of the customers still uses IPv4-only connections, so right now storagenodes should use dual stack where is possible.
1 Like
Well, storagenodes may support IPv6 protocol but they currently don’t not communicate in IPv6-only and satellites cannot manage IPv6-only storagenodes sharing their resources, therefore IPv6-only or IPv6 + CGNAT are not an working option for sharing resources at the present.
The decision to remain with a cloud provider that doesn’t fully support IPv6 is yours. There are others that support and a movement can be started anytime to migrate stuff if they don’t start supporting.
If IPv6-only support is not worked out anytime IPv4-only will remain being the only way to share resources.
I believe the Community will be able to run a Community satellites and then IPv6-only nodes can join them, while we solving this IPv6 problem for our satellites.
How can a SNO use dual stack? And what is it?
You need to use DDNS hostname with IPv4 and IPv6 support and use it in your contact.external-address: option (or variable ADDRESS in case of docker version) and configure your network to use a dual stack too (router, PC, docker if used, firewall).
I changed my routers for several times over the year, and ISP, and in newer models I see IPv6 disabled by default. And some articles recommend disabling IPv6 support for seccurity resons. Anyone knows why? How using IPv6 is a security risc? It’s not like UPnP…
No, it’s not UPnP. This is worse - your PC become globally available to anyone. If you, as many others, disabled a firewall (or didn’t install it at all in case of Linux), your PC become a honeypot for malware and hackers.
There is still [should be] a firewall in place on the gateway, just like it is for ipv4.
The only difference is since ipv6 does not need NAT, if the user relied on NAT to prevent connections from the outside, this will no longer work.
But NAT is not firewall; relying on a side effect of NAT that makes it impossible to connect from outside is a bad idea.
When users “open port” or “create port forwarding rule” with ipv4 two things happen:
- a firewall rule is created to allow new inbound connections on wan interface on that port
- DNAT and masquerade traffic to the lan host, because it’s addresss is not routable.
With ipv6 the second one is not needed, but the first one still is: without it the firewall will not accept new connections to the destination. It does not matter if the address is routable or not.
In summary, if vendor of the firewall tells you not to enable ipv6 because it’s a security risk the proportional response is to change the vendor because this one clearly did not bother to build a complete product.
isp may be disabling ipv6 in residential routers to reduce support volume when something inevitably goes wrong with some misconfigured or non compliant customer device. IPv4 is old tech and most already figured out how to make it work, and turning off ipv6 avoids the whole host of issues with dual stack support.
1 Like
As far as I understand, @snorkel doesn’t mean the firewall, more like a router.
So, it’s independent of the vendor, but more like the second reason you mentioned, regarding reducing a volume of support requests.
However, I often see, that Windows users just disabling an integrated firewall to “simplify life”.
1 Like
it’s probably safe to assume that by default what people call “router” is not strictly a “router” but a combo of router, firewall, (switch, wifi, mass storage server, intrusion protector, anti-DDOS, coffee maker, beer brewer and pizza oven)… in other word there still shall be a firewall, especially on consumer routers, exactly because often…
Because often it’s much faster to disable the windows firewall than spend hour hunting down why does it block certain traffic on zerotier network in-spite of everything being enabled, and then give up and disable it anyway. Don’t ask me how I know :).
So for those (majority) of users the firewall on the gateway is what is supposed to be protecting the network from external intrusions.
For honestly I did not see any consumer router with a good firewall, it usually just presets (and very often they blocks any income traffic without an ability to enable some), so I would not count on router’s firewall too much in case of storagenodes and their p2p behavior.
Yes, I was refering to IPv6 disabled on routers. As firewalls setup, I have the ISP router in mediabridge, then my own router with the firewall enabled, default setup, and the Synology nodes, firewall disabled. I don’t know if it matters and if I should enable it. There is nothing else running on it, and no other ports opened besides Storj one.