Re: Let's talk about yum and p2p in Fedora

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Sunday 26 December 2010 22:11:17 you wrote:
> On 12/26/2010 02:40 PM, Marko Vojinovic wrote:
> > The only permanent solution to usability of p2p in general is IPv6, where
> > all addresses will be public and thus accessible from outside. And IPv6
> > would fix other protocols broken by introduction of NAT, not just p2p
> > stuff.
> 
>   Why would anyone want all internal machines public anyway ?
> 
>   Historically, we used nat for 2 purposes:
> 
>     (1) to shield inside machines
>     (2) free up ipv4 (was an accidental consequence of (1)

There was a quite large thread on the CentOS list recently about this.

In a nutshell, the conclusion is that (1) is an urban legend --- NAT does   
not (and moreover, should not ) shield your inside machines from outside 
attacks. You still need to use the proper firewall for shielding.

The only benefit of NAT is (2), ie. artificially enlarging the scope of 
available v4 IP numbers, at the price of breaking functionality. And this is 
not a consequence of (1), but rather the primary reason why NAT was introduced 
in the first place.

After IPv6 gets introduced, the number of available IP addresses will be more 
than enough to eliminate any need for NAT, while for security you'll still use 
the same firewall as you needed to do with IPv4. The net gain is that protocols 
that were broken by NAT will not be broken anymore, in addition to the larger 
address space.

Of course, some people will remain dense forever and keep implementing NAT 
even in IPv6, with an illusion that it will improve their security. Those 
people cannot be helped, unfortunately... ;-)

Best, :-)
Marko

-- 
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

[Index of Archives]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [EPEL Devel]     [Fedora Magazine]     [Fedora Summer Coding]     [Fedora Laptop]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Desktop]     [Fedora Fonts]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Yosemite News]     [Gnome Users]     [KDE Users]     [Fedora Art]     [Fedora Docs]     [Fedora Sparc]     [Libvirt Users]     [Fedora ARM]

  Powered by Linux