Forum Discussion
Getting Started with IPv6 on HughesNet
I've recently had HN installed at my home. It was disappointing to learn that gen5 technology doesn't allow the use of IPv4 based dynamic DNS services, but I guess good for them for embracing the fut...
Hi Matt,
I'm glad you found the community, thank you for posting. I checked with our top network engineer on this and this was his input on the matter:
The user is correct that he can’t use the fd0d:: ULA address to access from the outside. However, Hughes does provide a 2001:5b0:: prefix that is globally routable and can be reached from the outside.
While the prefix can be found on the terminal (as LAN prefix; not WAN prefix), the actual IPv6 address that the user needs to use is the one assigned to whatever device the user is trying to access. E.g., windows : ipconfig; linux: ifconifg, etc.
This is different than IPv4 because there is no NAT in between the end device and the Internet with IPv6.
Because this prefix and, thus, the IPv6 address of the device, can and does change, a dynamic DNS service is needed to use a name to map to current IPv6 address.
Hope that sheds light on your concern!
As a follow up, it appears that HN doesn't even use static v6 addresses. This seems crazy. Wasn't IPv6 supposed to solve / eliminate the need for carrier grade NAT and roaming IP addresses?
Both of the below threads are 2+ years old. Has anything changed?
https://community.hughesnet.com/t5/Tech-Support/HT2000W-IPv6-inbound-services/m-p/83342#M58814
If MarkJFine is still around, he may be able to address this; but you may also want to wait for the mods to post a reply before engaging in further speculation.
HughesNet does use public facing static IPv6 addresses. However, I believe the issue is that the IP is only forward facing, because of the satellite-based architecture and you're still behind a double-NAT. So places like web sites will be able to rDNS your public IP for ID purposes, but will still not be able to reach into your network. If I understand correctly, HughesNet reserves the kind of access you're looking for on special SME/business accounts.
BTW: If I could stick my 2 cents in, I'd be more than a little wary of Linode. I regularly see some pretty sketchy and malicious behavior coming from them on the two server sites I administer: One domestically located, another on a 1&1 server in Germany. The nature of the behavior leads me to believe it's not coming from internet security companies, but hackers probing for vulnerabilities. For that reason I have Linode completely firewalled all over the place.
OK, thanks for the info.
Regarding Linode (and digital ocean, etc.) I always keep them locked down pretty good and use SSL for SSH and OpenVPN access. It's pretty shocking to watch the kernel log for iptables ping requests that are dropped.
DigitalOcean, Google Cloud, AmazonAWS, Oracle Cloud, OVH, Proxad, ColoCrossing...
Anything Chinese, Russian, Ukranian, or Brazillian... (just about to add Iranian or Turkish)
and that's just the tip of the iceberg. My htaccess files are in excess of 278kb.
