Why Recommend IPv6#
- Many netizens are still looking for internal network penetration, which is only needed when there is no external network address.
- Now almost all broadband operators allocate external IPv6 addresses.
- That's why this article exists.
- Free, free, free.
- It doesn't require much configuration, it's stable, simple, and once and for all.
What is Internal Network Penetration#
- Internal network penetration refers to the technology of accessing internal network devices through the external network in an internal network environment.
- Internal network devices usually refer to computers, NAS, cameras, etc. in homes or offices, which do not have public IP addresses and can only communicate with each other in a local area network.
- There are many demands for accessing internal network devices from the external network, such as remote control of computers, viewing camera images, downloading files from NAS, etc.
- The principle of internal network penetration is to forward external network requests to internal network devices through an intermediate server, or to actively connect internal network devices to the intermediate server, thereby achieving bidirectional communication.
Why Use IPv6#
- IPv6 is a new network protocol that can provide more IP address resources and solve the problem of insufficient IPv4 addresses.
- The address format of IPv6 is 8 groups of hexadecimal numbers, with 4 digits in each group, separated by colons, for example: 2409:8b43:311b:b6e0:211:32ff:fe12:3456
- The advantages of IPv6 are as follows:
- Each device can have an independent public IPv6 address, without the need to share an IPv4 address through NAT technology.
- IPv6 supports automatic configuration and plug-and-play, without the need to manually set IP addresses, subnet masks, default gateways, and other parameters.
- IPv6 supports end-to-end encryption and authentication, improving network security.
- IPv6 supports larger data packets and higher transmission efficiency, improving network performance.
How to Configure IPv6#
- To use IPv6 for internal network penetration, you first need to ensure that your network environment supports IPv6, which can be tested through the website http://test-ipv6.com/.
- If your network environment supports IPv6, then you need to follow these steps:
- Set the optical modem to bridge mode and let the router dial-up to the Internet by itself.
- Enable IPv6 functionality in the router and select DHCPv6 client mode to obtain a public IPv6 address.
- Add firewall rules in the router to allow external network access to the IPv6 address and port of the internal network device.
- Enable IPv6 service in the NAS and obtain a public IPv6 address.
How to Use Virtual Machines and Docker to Set Up Services#
- If you want to run applications or services on the NAS, such as web servers, database servers, FTP servers, etc., you can use virtual machines or Docker to set them up.
- A virtual machine is a technology that simulates a complete operating system environment on a physical machine. It can run different operating systems and software, isolate them from each other, and do not affect the performance and security of the physical machine.
- Docker is a technology that runs lightweight containers on an operating system. It can quickly deploy and manage applications, provide a consistent runtime environment, and save resources and time.
- The steps to use virtual machines or Docker on the NAS are as follows:
- Install a virtual machine manager or Docker suite in the NAS's package center.
- Create a virtual machine in the virtual machine manager, select the operating system image, allocate memory and disk space, and start the virtual machine.
- Install and configure the required applications or services in the virtual machine, set up the network and firewall rules, and ensure access within the local area network.
- Search and download the image of the required applications or services in Docker, create a container, set up the network and port mapping, and start the container.
- Run the required applications or services in the container, and ensure access within the local area network.
How to Use the Control Panel to Set Up Reverse Proxy and Bind a Domain Name#
- If you want to access applications or services on your NAS using a domain name instead of an IPv6 address and port number, you can use the control panel to set up reverse proxy and bind a domain name.
- Reverse proxy is a technology that forwards external network requests to internal network servers. It can hide the real address of the internal network server and provide functions such as load balancing and caching.
- A domain name is a technology that maps an IP address to a string that is easy to remember. It can be resolved through a DNS server, making it more convenient for users to access websites or services.
- The steps to set up reverse proxy and bind a domain name using the control panel on the NAS are as follows:
- In the NAS's control panel, select the application portal, click on the reverse proxy tab, and create a new rule.
- Enter a domain name in the source, such as nas.example.com, and enter an IPv6 address and port number of an internal network server in the target, such as [2409:8b43:311b:b6e0:211:32ff:fe12:3456]:8080, and click OK.
- In the NAS's control panel, select security, click on the certificate tab, and create a new certificate. Select to obtain the certificate from Let's Encrypt, enter your domain name and email address, and click OK.
- Set an A record or AAAA record in your domain name registrar to point your domain name to your public IPv6 address, such as 2409:8b43:311b:b6e0:211:32ff:fe12:3456.
- After the DNS resolution takes effect, enter your domain name in the browser, such as https://nas.example.com, to access your internal network server.
- The above is just a simple write-up, equivalent to the blogger's own prompt items.
- Detailed tutorials can be found online, so the blogger won't be annoying here, and tutorials have a limited lifespan. Some configuration tutorials become outdated after the Synology version is updated, so everyone should look for the latest ones online.
- The blogger uses IPv6 to implement their own NAS, Alist, and memo.
- The basic requirements can be met without buying a VPS or anything like that, achieving low cost.
- Reverse proxy can proxy internal IPv4 addresses and convert them to IPv6.
This is an example diagram of me converting a Docker in the internal network. You can directly access it using a domain name without the need for a port.
If you like to tinker, you can leave a message and discuss together.