On 12/7/10 10:20 AM, Adam Tauno Williams wrote: > >>> Some people's belief that NAT is some magic sauce that makes > themmore >>> secure [it does not] or provides them more flexibility [it does not] >>> than real addresses ... causes the people who understand networking to >>> have to spend time explaining that their love of NAT is misguided and >>> their beliefs about NAT are bogus. >> If the ipv6 routers come with defaults that work the same as current NAT >> routers, people will be able to continue to misunderstand them happily. That is, >> permit outbound client connections from anything connected behind them without >> much regard to how many devices there are, and block everything else. > > And doesn't that sound like you just describe a firewall? It sounds like a complex setup for a firewall with dynamic entries to temporarily pass tcp and upd with different timeouts, where 1->many NAT doesn't have any other choice. If you don't send outbound you don't get the nat table entry to forward anything back through it. > "permit outbound client connections from anything connected behind them > without much regard to how many devices there are, and block everything > else" isn't NAT. That's a router/firewall. Happily IPv6 does that > exactly. You didn't mention the number of devices - how does that play out when you exceed the number initially set up? -- Les Mikesell lesmikesell@xxxxxxxxx _______________________________________________ CentOS mailing list CentOS@xxxxxxxxxx http://lists.centos.org/mailman/listinfo/centos