[ale] V6 question

Michael H. Warfield mhw at WittsEnd.com
Sat Feb 5 12:52:57 EST 2011


On Sat, 2011-02-05 at 12:39 -0500, Mike Harrison wrote: 
> On Sat, 5 Feb 2011, Michael B. Trausch wrote:
> 
> > On Sat, 2011-02-05 at 11:31 -0500, Jim Lynch wrote:
> >> I'm truly sorry to have missed the talks on IPV6.  So how is it going
> >> to replace NAT?
> >
> > You will receive a /64, /56, or /48 from your ISP.
> >
> > There is no network address translation.
> >
> > Remember that NAT was created in order to delay the exhaustion of IPv4
> > address space.  Most home and small-office networks use NAT solely for
> > the purpose of being able to have many systems access the Internet via
> > the same IP address (or via a limited pool of IP addresses)---nothing
> > more.

> It also keeps the outside world from connecting to the inside (behind 
> firewall) world, What functions that way in your above scenerio, firewall 
> rules ?

NAT, Network Address Translation, itself does not.  It's the state
engine that drives the NAT mapping state table, operating and acting
just like a firewall, that does that.  There are examples of NAT that do
not provide this.  Yes, you use a stateful firewall.  NAT provides
NOTHING in the way of security over and above a good stateful firewall,
which every Linux system has already in the kernel.

Mike
-- 
Michael H. Warfield (AI4NB) | (770) 985-6132 |  mhw at WittsEnd.com
   /\/\|=mhw=|\/\/          | (678) 463-0932 |  http://www.wittsend.com/mhw/
   NIC whois: MHW9          | An optimist believes we live in the best of all
 PGP Key: 0x674627FF        | possible worlds.  A pessimist is sure of it!
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 482 bytes
Desc: This is a digitally signed message part
Url : http://mail.ale.org/pipermail/ale/attachments/20110205/8b097e43/attachment.bin 


More information about the Ale mailing list