[ale] V6 question
Michael H. Warfield
mhw at WittsEnd.com
Sat Feb 5 12:52:57 EST 2011
On Sat, 2011-02-05 at 12:39 -0500, Mike Harrison wrote:
> On Sat, 5 Feb 2011, Michael B. Trausch wrote:
>
> > On Sat, 2011-02-05 at 11:31 -0500, Jim Lynch wrote:
> >> I'm truly sorry to have missed the talks on IPV6. So how is it going
> >> to replace NAT?
> >
> > You will receive a /64, /56, or /48 from your ISP.
> >
> > There is no network address translation.
> >
> > Remember that NAT was created in order to delay the exhaustion of IPv4
> > address space. Most home and small-office networks use NAT solely for
> > the purpose of being able to have many systems access the Internet via
> > the same IP address (or via a limited pool of IP addresses)---nothing
> > more.
> It also keeps the outside world from connecting to the inside (behind
> firewall) world, What functions that way in your above scenerio, firewall
> rules ?
NAT, Network Address Translation, itself does not. It's the state
engine that drives the NAT mapping state table, operating and acting
just like a firewall, that does that. There are examples of NAT that do
not provide this. Yes, you use a stateful firewall. NAT provides
NOTHING in the way of security over and above a good stateful firewall,
which every Linux system has already in the kernel.
Mike
--
Michael H. Warfield (AI4NB) | (770) 985-6132 | mhw at WittsEnd.com
/\/\|=mhw=|\/\/ | (678) 463-0932 | http://www.wittsend.com/mhw/
NIC whois: MHW9 | An optimist believes we live in the best of all
PGP Key: 0x674627FF | possible worlds. A pessimist is sure of it!
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 482 bytes
Desc: This is a digitally signed message part
Url : http://mail.ale.org/pipermail/ale/attachments/20110205/8b097e43/attachment.bin
More information about the Ale
mailing list