Re: IPV4 is nearly depleted, are you ready for IPV6?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] 

On Dec 6, 2010, at 8:37 AM, Adam Tauno Williams <awilliam@xxxxxxxxxxxxx> wrote:

> NO NO NO NO NO NO NO and NO!  (*@!^&*@$ &@*^*&$@  &*@^*&@  How many
> times does this have to be explained???  NAT *IS* *NOT* a @*(&^*(^@(*@
> security tool.  It isn't.  Stop saying it is.  You use *firewalls* for
> security.  Just block ingress traffic and you are just as well off as
> you are on NAT - and odds are in your NAT configure you are doing that
> already.  All you do is eliminate the hacks, performance penalty, and
> interoperability problems created by NAT.  NAT is a *problem*, not a
> solution for anything other than a deficient network protocol.

There is no arguing that NAT is not a security tool, but if your firewall drops it's pants it's better to have non-routable addresses behind it.

-Ross

_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux