Re: IPV4 is nearly depleted, are you ready for IPV6?




On 12/7/10 10:20 AM, Adam Tauno Williams wrote:
>
>>> Some people's belief that NAT is some magic sauce that makes them more
>>> secure [it does not] or provides them more flexibility [it does not]
>>> than real addresses ... causes the people who understand networking to
>>> have to spend time explaining that their love of NAT is misguided and
>>> their beliefs about NAT are bogus.
>> If the ipv6 routers come with defaults that work the same as current NAT
>> routers, people will be able to continue to misunderstand them happily. That is,
>> permit outbound client connections from anything connected behind them without
>> much regard to how many devices there are, and block everything else.
>
> And doesn't that sound like you just described a firewall?

It sounds like a complex setup for a firewall with dynamic entries to
temporarily pass tcp and udp with different timeouts, where 1->many NAT doesn't
have any other choice.  If you don't send outbound you don't get the nat table
entry to forward anything back through it.

> "permit outbound client connections from anything connected behind them
> without much regard to how many devices there are, and block everything
> else" isn't NAT.  That's a router/firewall.  Happily IPv6 does that
> exactly.

You didn't mention the number of devices - how does that play out when you 
exceed the number initially set up?

-- 
   Les Mikesell
    lesmikesell@xxxxxxxxx

_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
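
The behaviour argued over in this thread (outbound flows create temporary state, replies pass only while that state is live, everything else is dropped, and no address is rewritten) can be modelled in a few lines. This is an added example, not part of the original message; the class name, the timeout values and the 2001:db8:: documentation addresses are assumptions made for illustration.

```python
import ipaddress

# Assumed idle timeouts in seconds (illustrative values, not from the thread).
TIMEOUTS = {"tcp": 3600, "udp": 30}

class StatefulFilter:
    """Toy model of a default-deny IPv6 forward filter with dynamic state."""

    def __init__(self, lan_prefix):
        self.lan = ipaddress.ip_network(lan_prefix)
        self.flows = {}  # (proto, lan_addr, lan_port, wan_addr, wan_port) -> expiry

    def forward(self, now, proto, src, sport, dst, dport):
        """Return True if the packet is passed, False if dropped."""
        src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        if src_ip in self.lan and dst_ip not in self.lan:
            # Outbound: any inside host may open a flow; (re)arm its timer.
            key = (proto, src_ip, sport, dst_ip, dport)
            self.flows[key] = now + TIMEOUTS[proto]
            return True
        if dst_ip in self.lan and src_ip not in self.lan:
            # Inbound: pass only replies to a live flow, addresses untranslated.
            key = (proto, dst_ip, dport, src_ip, sport)
            expiry = self.flows.get(key)
            if expiry is not None and now <= expiry:
                self.flows[key] = now + TIMEOUTS[proto]
                return True
            self.flows.pop(key, None)  # expired or never existed
            return False
        return False  # neither side (or both) on the LAN: not forwarded here

def demo():
    """Run constructed traffic through the filter and return the verdicts."""
    fw = StatefulFilter("2001:db8:1::/64")  # documentation prefix, constructed
    server = "2001:db8:ffff::53"
    results = []
    # 300 inside hosts, none configured individually on the filter.
    hosts = [f"2001:db8:1::{i:x}" for i in range(1, 301)]
    results.append(all(fw.forward(0, "udp", h, 40000, server, 53) for h in hosts))
    results.append(fw.forward(5, "udp", server, 53, hosts[299], 40000))   # reply
    results.append(fw.forward(5, "tcp", server, 22, hosts[0], 22))        # unsolicited
    results.append(fw.forward(100, "udp", server, 53, hosts[0], 40000))   # after timeout
    return results
```

The state table is keyed per flow rather than per device, so the only thing that grows with the number of inside hosts in this model is the number of live entries.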

