THE SLOW BUT SURE IPV6 ROLLOUT
NAT breaks one of the original core principles of the internet – endto-end connectivity. In the absence of port forwarding or other workarounds, it’s impossible for two hosts behind NAT routers to communicate. With IPV6 and its massive address space (two to the power of 128 addresses), NAT is all but obviated, since every device can have a guaranteed unique IP address. And in the absence of a firewall there is nothing to stop any Thomas, Richard or Harold on the internet from connecting to your services.
Some ISPS in the UK have finally got around to deploying IPV6, and customers are naturally concerned that all of a sudden services that were running internally are now available to the world. In general there’s no need to panic – IPV6 home routers (sane ones anyway) have a firewall that prevents all incoming connections to the LAN. However, if you are running IPV6 services that you only want machines on your LAN to connect to, then restricting incoming connections, either through the service itself or through a firewall, is still a good idea. The situation is no different for IPV4.
If you are concerned about how accessible you are over IPV6, then you could do a lot worse than Tim Chappell’s IPV6 scanner at https://ipv6.chappell-family.com/ipv6tcptest. Note that this will scan your computer, so you probably shouldn’t do this on a computer that isn’t yours. The scan is harmless (you can check the source), but a keen-eyed sysadmin might get concerned if they detect it.