[CentOS] IPV4 is nearly depleted, are you ready for IPV6?

Ross Walker rswwalker at gmail.com
Mon Dec 6 14:53:08 UTC 2010


On Dec 6, 2010, at 8:37 AM, Adam Tauno Williams <awilliam at whitemice.org> wrote:

> NO NO NO NO NO NO NO and NO!  (*@!^&*@$ &@*^*&$@  &*@^*&@  How many
> times does this have to be explained???  NAT *IS* *NOT* a @*(&^*(^@(*@
> security tool.  It isn't.  Stop saying it is.  You use *firewalls* for
> security.  Just block ingress traffic and you are just as well off as
> you are on NAT - and odds are in your NAT configure you are doing that
> already.  All you do is eliminate the hacks, performance penalty, and
> interoperability problems created by NAT.  NAT is a *problem*, not a
> solution for anything other than a deficient network protocol.

There is no arguing that NAT is not a security tool, but if your firewall drops it's pants it's better to have non-routable addresses behind it.

-Ross




More information about the CentOS mailing list