The main problem with IPv6 is that it is different from IPv4. There's SLAAC, there's no ARP and there're also some other differences. In the end, it's simpler to just not bother.
Yup. People learn parts of v4 through osmosis because it's the default. Then when networking topics come up, it's easier to keep going with stuff that looks familiar rather than un-learning assumptions. Why bother with the weird other thing that's not even mandatory?
Because IPv4 is logical and makes sense. First thing which IPv6 came up with? No NATs everything will have a public address. It turned out that this was hare brained idea so let's just cover it up with firewall. However misconfigured firewall means that everything is open... IPv6 has been designed by people who were unable to think further than what is going to be tomorrow for a lunch.
IPv4 came out in 1982 and was designed for every device to have a unique public address. Protocols like FTP were designed to literally pass an IP address to connect directly to.
As addresses started running out, the NAT RFC was published in 1994 and described NAT as a "short-term solution". NAT was never meant to be an integral part of IPv4. https://www.rfc-editor.org/rfc/rfc1631
NAT broke a ton of things which required more and more hacks piled on, making it more complex to build services on top if it (e.g., a server in the middle to proxy all the traffic needed between peers is a 100% requirement, with all the maintenance and scaling headaches that come with it).
So you actually agree with me, that making all addresses public was stupid to begin with. It was stupid on IPv4 and it remain stupid on IPv6, yet we already have experience from IPv4 that it was stupid.
> So you actually agree with me, that making all addresses public was stupid to begin with.
If an address is not public how can you start an connection from it, or end a connection at it? A web server needs a public address if you want to have people reach it. And you, at some point, also have to have a public address if you want to connect to pubic services: either on your end-host, at your CPE/router's WAN interface, or on an interface of your ISP's CG-NAT box.
But having a public address on your end-host also allows for much more functionality than if you were stuck behind CPE-NAT or CG-NAT. Now, you don't have to use this functionality—just like how I didn't when my printer gets an publicly addressable (but not publicly reachable) IPv6 address—but it opens up various possibilities.
Well, actually it will. In fact, even correctly configured NAT won't stop connections into your network.
On top of that, it lulls you into a false sense of security, so you confidently think it's protecting you even when it isn't. At least not having NAT makes the actual state of your network clearer.
Port forwarding requires a port forward rule that matches the inbound connection. If there's no such rule... NAT won't stop the connection, it will just ignore it.
If no other aspect of your setup blocks the connection, it'll be successful. If you were deploying NAT because you thought it would function as a firewall then this part is probably not intentional.
Isn't that the first thing that IPv4 came up with as well? One publicly routable address per device that wants to access the Internet (or the network of universities or military installations or whichever network you were on pre-Internet).
You see and IPv6 was not able to learn from the failure - people does not want to have all computers in one network, same like people does not want to live in one skyscraper.
