Once upon a time, Fernando Lozano <fernando@xxxxxxxxxxxxx> said: > If NAT prevents anyone from the internet to try to connect to my > computer, this is increased security. After all, don't we configure > firewalls exactly to prevent unwanted connections? Use the firewall, ditch the NAT. NAT does not increase security over a firewall. In some cases, NAT prevents a user from accessing the Internet, rather than the other way around. > NAT is a fact today, has been for years, and people have been using > Bittorrent and Skype regardless. And sometimes they (and other applications) don't work, because of things like layered NAT. > For home users and SMBs, NAT is something that was taken care of. > IPv6 is a whole new bunch of risks. I am not against IPv6 per se. I > am against wide use of IPv6 right now. Let it mature. How will it "mature" if nobody tries it? Fedora is a leading-edge operating system, and full IPv6 support is part of that. > >As IPv4 runs out, some ISPs are turning to "Carrier Grade NAT", which > >adds layers of NAT that break things like P2P applications and IPSec. > I'll happily trade IPSec for OpenVPN. ;-) That's nice, but in the real world, users have to connect to VPNs configured by others (and many businesses need hardware VPN concentrators, which OpenVPN won't work with). > To just use the network they need only IPv4. That is not true in some places (and the number of such places is increasing all the time). > They don't need the > security risks that current IPv6 implementation and default > configurations adds. Today, IPv6 is far from "just works". You are > advocating using all end users as guiena pigs for IPv6 evolution. I > advocate evolving IPv6 before exposing end users to ti. You are several years behind the curve on IPv6. You keep talking about IPv6 security risks (over IPv4), but haven't cited any. IPv6 does "just work" in many places; there are a lot of people that are using IPv6 and don't even know it (because they don't need to know; they just want to get to Facebook/Gmail/etc.). Fedora (and most Linux distributions I believe) have had IPv6 enabled-by-default for years; so have Mac OS X and Windows (even XP since IIRC SP2 will get an IPv6 autoconf address and use IPv6 transparently). Whether you like it or not, IPv6 is here today and is here to stay. There is no practical alternative. Will there be bugs? Yes, of course; people are still finding IPv4 bugs as well. -- Chris Adams <linux@xxxxxxxxxxx> -- users mailing list users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org