On Mon, 2010-12-06 at 19:26 -0600, Les Mikesell wrote:
> On 12/6/10 6:27 PM, Brian Mathis wrote:
> > You are enjoying a side-effect of NAT by thinking it
> > is a firewall.
>
> The other nice side-effect of NAT is that you get an effectively infinite number
> of addresses behind it without any pre-arrangement with anyone else. Even if
> ISPs hand out what they expect to be reasonably-sized blocks, won't it be much
> harder to deal with when you outgrow your allotment? We've had the opportunity
> to move to ipv6 for ages but we haven't (in the US, anyway). I think the reason
> is that most people like the way NAT works and don't really want a public
> address on every device.

Bogus. The reason is that they haven't been pressured into adoption by higher powers; so we will get into a nice scramble to migrate in a pinch.

"Most people" have no idea what NAT is, don't care, and shouldn't have to care.

Some people's belief that NAT is some magic sauce that makes them more secure [it does not] or provides them more flexibility [it does not] than real addresses ... causes the people who understand networking to have to spend time explaining that their love of NAT is misguided and their beliefs about NAT are bogus.