On Dec 7, 2010, at 7:41 PM, Nico Kadel-Garcia <nkadel@xxxxxxxxx> wrote: > On Tue, Dec 7, 2010 at 10:04 AM, Adam Tauno Williams > <awilliam@xxxxxxxxxxxxx> wrote: > >> Bogus. The reason is that they haven't been pressured into adoption by >> higher powers; so we will get into a nice scramble to migrate in a >> pinch. >> >> "most people" have no idea what NAT is, don't care, and shouldn't have >> to care. >> >> Some people's belief that NAT is some magic sauce that makes them more >> secure [it does not] or provides them more flexibility [it does not] >> than real addresses ... causes the people who understand networking to >> have to spend time explaining that their love of NAT is misguided and >> their beliefs about NAT are bogus. > > *I'm* a fairly expert network person. (10base2, baby, I remember > crimping those cables!) Forcing people to specifically select the > services they wish to expose, rather than selecting what to cut off in > configuring a typical firewall, is basic policy automatically enforced > by NAT. It's especially helpful to ISP's, who *do not want* to try to > remember all those furshlugginer individual policies and find it far > simpler in routing and firewall terms to force all traffic to the NAT. Does this mean I have to type in URLs like: http://3ffe:1900:4545:3:200:f8ff:fe21:67cf/ I can only image phonetically calling these off on a support call, I'd get half way through it and the other end would tell me to "forget it I'll wait until DNS is working again". In fact with DNS problems we'd be pretty much crippled. I'd use IPv6 if the addresses weren't so hard to remember. -Ross _______________________________________________ CentOS mailing list CentOS@xxxxxxxxxx http://lists.centos.org/mailman/listinfo/centos