Chris Palmer <chris@xxxxxxx>:
> There's another feature of NAT that is desirable that has not yet been
> mentioned, and which at least some customers may be cognizant of: the
> fact that NAT is a pretty restrictive firewall.
>
> I'm as big a fan of the end-to-end principle as anybody, but until the
> ends are trustworthy, we can't get there. Whether by IPv6 or IPv4,
> less-than-fanatically-administered Windows and Unix systems simply
> cannot be directly connected to the Internet.

I wouldn't go that far. I wouldn't describe myself as a fanatical admin; "lazy" and "barely competent" would be closer to the mark :-). Despite this, I've never had a break-in in more than a decade.

I'm comfortable connecting a Linux system directly to the Internet, as long as the internal software firewall is on. It's nice to have my firewalling done by a box that is too stupid to be cracked, but what I need from the Linksys is really the address multiplexing.

--
<a href="http://www.catb.org/~esr/">Eric S. Raymond</a>