On Tue, 2010-12-07 at 10:16 -0600, Les Mikesell wrote: > On 12/7/10 9:04 AM, Adam Tauno Williams wrote: >> Some people's belief that NAT is some magic sauce that makes themmore > > secure [it does not] or provides them more flexibility [it does not] > > than real addresses ... causes the people who understand networking to > > have to spend time explaining that their love of NAT is misguided and > > their beliefs about NAT are bogus. > If the ipv6 routers come with defaults that work the same as current NAT > routers, people will be able to continue to misunderstand them happily. That is, > permit outbound client connections from anything connected behind them without > much regard to how many devices there are, and block everything else. And doesn't that sound like you just describe a firewall? "permit outbound client connections from anything connected behind them without much regard to how many devices there are, and block everything else" isn't NAT. That's a router/firewall. Happily IPv6 does that exactly.