On Tue, 2010-12-07 at 10:16 -0600, Les Mikesell wrote:
On 12/7/10 9:04 AM, Adam Tauno Williams wrote:
Some people's belief that NAT is some magic sauce that makes
themmore
secure [it does not] or provides them more flexibility [it does not] than real addresses ... causes the people who understand networking to have to spend time explaining that their love of NAT is misguided and their beliefs about NAT are bogus.
If the ipv6 routers come with defaults that work the same as current NAT routers, people will be able to continue to misunderstand them happily. That is, permit outbound client connections from anything connected behind them without much regard to how many devices there are, and block everything else.
And doesn't that sound like you just describe a firewall?
"permit outbound client connections from anything connected behind them without much regard to how many devices there are, and block everything else" isn't NAT. That's a router/firewall. Happily IPv6 does that exactly.