[mythtv] Proposed change to Network Communications

rudy zijlstra mythtv at grumpydevil.homelinux.org
Thu Mar 9 22:01:01 UTC 2017



On 09-03-17 22:42, Stuart Auchterlonie wrote:
> On 09/03/17 21:35, Peter Bennett wrote:
>>
>> On 03/08/2017 11:46 AM, Gary Buhrmaster wrote:
>>> Do not get me wrong, I think IPv6 is the now, and
>>> IPv4 is legacy/dead.  But the myth protocol has been
>>> regularly stated by the MythTV elders as not being
>>> public Internet ready, and only with stateful protection
>>> (or someone who knows how to configure firewall rules)
>>> should one consider running the device on the public
>>> Internet.  Changing the defaults to run IPv6 publicly
>>> will require stepping up the other parts of the protocol
>>> (one mitigation short of authentication might be to set
>>> the TTL for the myth protocol to something like 3,
>>> (just like DTCP-IP), which is more or less "in the
>>> residence" for 98% of the users).
>> Thinking about this some more, I came up with an addition to the
>> previous proposal.
>>
>> Keep the "Listen on all ip addresses" checkbox that I proposed.
>>
>> Whether or not "Listen on all ip addresses" is checked, check the sender
>> of all incoming connections. If the sender is a public IP address,
>> simply ignore the connection.
>>
>> Provide a checkbox labeled "NOT RECOMMENDED - Allow connections from the
>> Internet". Default this to unchecked. When this is unchecked, only
>> provide private ip addresses from the below list in the drop down boxes
>> for IP address. When it is checked, provide all ip addresses in the drop
>> down and bypass the sender ip address check.
>>
>> The following IP addresses are the private ip addresses that would be
>> allowed. Everything else would be rejected.
>>
>> 192.168.0.0 - 192.168.255.255
>> 172.16.0.0 - 172.31.255.255
>> 10.0.0.0 - 10.255.255.255
>> 127.0.0.1 (local loop-back)
>> 169.254.0.0 - 169.254.255.255 (link-local)
>> ::1 (local loop-back)
>> fe80::/10 (link-local)
>> fc00::/7 (unique local)
>>
> This will work for all the "local" addresses inside a home network.
>
> As ipv6 gains more widespread adoption, the primary mechanism that
> ISPs will use to provide global ipv6 address space inside the home
> network is "prefix delegation". This is where the ISP tells the
> router the /64 network that it should assign addresses from.
The delegated prefix does not need to be a /64. In fact, the prefix I
have is a /48 :)

The delegated prefixes are likely between /56 and /64.

Cheers

Rudy
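
The sender check discussed in this thread, as an added example that is not part of any message above and is not MythTV code: it tests a peer address against the proposed private ranges and shows what happens to a LAN host with a global address from a delegated prefix. The function names, the `local_prefixes` parameter and the sample addresses (documentation ranges) are assumptions made for illustration.

```python
import ipaddress

# The ranges from the quoted proposal, written as networks.
# 127.0.0.1 is kept as a single host, exactly as listed there.
PROPOSED_PRIVATE = [ipaddress.ip_network(n) for n in (
    "192.168.0.0/16", "172.16.0.0/12", "10.0.0.0/8",
    "127.0.0.1/32", "169.254.0.0/16",
    "::1/128", "fe80::/10", "fc00::/7",
)]


def normalize_peer(peer):
    """Parse a peer address string as a socket API might report it."""
    # Link-local peers can carry a zone id ("fe80::1%eth0"); drop it.
    addr = ipaddress.ip_address(peer.split("%", 1)[0])
    # A dual-stack listener reports IPv4 peers as ::ffff:a.b.c.d.
    # Unwrap them, otherwise every IPv4 client fails the IPv6 ranges.
    if addr.version == 6 and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    return addr


def sender_allowed(peer, allow_internet=False, local_prefixes=()):
    """Return True if a connection from `peer` would be accepted.

    allow_internet models the "NOT RECOMMENDED" checkbox (bypass the check).
    local_prefixes is hypothetical: extra networks, such as an ISP-delegated
    IPv6 prefix, that an admin chooses to treat as local.
    """
    if allow_internet:
        return True
    addr = normalize_peer(peer)
    nets = PROPOSED_PRIVATE + [ipaddress.ip_network(p) for p in local_prefixes]
    return any(addr.version == n.version and addr in n for n in nets)


if __name__ == "__main__":
    # Constructed sample peers; 2001:db8::/32 and 203.0.113.0/24 are
    # documentation ranges standing in for real global addresses.
    lan_host = "2001:db8:1234:5::10"   # subnet 5 of a delegated /48
    for peer in ("192.168.1.20", "::ffff:10.0.0.5", "fe80::1%eth0",
                 "203.0.113.9", lan_host):
        print(peer, sender_allowed(peer))
    # The prefix length matters: a /64 guess misses other subnets of a /48.
    print(sender_allowed(lan_host, local_prefixes=["2001:db8:1234::/64"]))
    print(sender_allowed(lan_host, local_prefixes=["2001:db8:1234::/48"]))
```

With only the fixed list, the LAN host holding a delegated global address is rejected like any Internet sender; it passes only when the full delegated prefix, at its real length, is treated as local.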

