[CentOS] IPV4 is nearly depleted, are you ready for IPV6?

Adam Tauno Williams awilliam at whitemice.org
Tue Dec 7 16:20:13 UTC 2010


On Tue, 2010-12-07 at 10:16 -0600, Les Mikesell wrote: 
> On 12/7/10 9:04 AM, Adam Tauno Williams wrote:
>> Some people's belief that NAT is some magic sauce that makes
themmore 
> > secure [it does not] or provides them more flexibility [it does not]
> > than real addresses ... causes the people who understand networking to
> > have to spend time explaining that their love of NAT is misguided and
> > their beliefs about NAT are bogus.
> If the ipv6 routers come with defaults that work the same as current NAT 
> routers, people will be able to continue to misunderstand them happily. That is, 
> permit outbound client connections from anything connected behind them without 
> much regard to how many devices there are, and block everything else.

And doesn't that sound like you just describe a firewall?

"permit outbound client connections from anything connected behind them
without  much regard to how many devices there are, and block everything
else" isn't NAT.  That's a router/firewall.  Happily IPv6 does that
exactly.




More information about the CentOS mailing list