Google wants to be your Internet

Crist Clark Crist.Clark at
Tue Jan 30 18:40:35 UTC 2007

>>> On 1/30/2007 at 12:19 AM, <michael.dillon at> wrote:

>> > IPv6 makes NAT obsolete because IPv6 firewalls can provide all
>> > the useful features of IPv4 NAT without any of the downsides.
>> IPv6 firewalls?  Where?  Good ones?
> Why good ones. NAT is a basic IPv4 firewall. All IPv6 needs to obsolete
> NAT is a firewall that offers all the features of NAT without requiring
> the address translation. Then, instead of setting up a port translation
> for a particular incoming protocol, you simply open up that port without
> modifying the packets as they flow through. Suddenly, SIP works and
> incoming VoIP phonecalls work just like on the phone network.

Oh, if it were so easy. Even without NAT our firewalls still
need to meddle in the application layer. You'll still need
smarts in the firewall to use the bad ol' FTP. And of course
although SIP itself usually uses a fixed port, the calls it
sets up generally do not.

You don't have to modify packets, but you still need to read
them, understand the protocol, and add state entries to your
firewall. The absence of NAT doesn't really save you much work.

Crist J. Clark                               crist.clark at
Globalstar Communications                                (408) 933-4387
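
The work described in the message above, reading the control channel and adding state entries for the ports it negotiates even when no address is rewritten, shown as an added Python example that is not part of the original e-mail. The function names, the same-host and port-range policy in `ftp_pinhole`, and the sample EPRT and SDP payloads are assumptions constructed for illustration.

```python
import ipaddress


def ftp_pinhole(line, client_addr):
    """State entry (proto, addr, port) requested by an FTP EPRT command, or None."""
    verb, _, arg = line.strip().partition(" ")
    if verb.upper() != "EPRT" or len(arg) < 2:
        return None
    fields = arg.split(arg[0])  # RFC 2428: the first character is the delimiter
    if len(fields) != 5 or not fields[3].isdigit():
        return None
    try:
        addr = ipaddress.ip_address(fields[2])
    except ValueError:
        return None
    port = int(fields[3])
    if fields[1] != {4: "1", 6: "2"}[addr.version]:
        return None  # declared address family does not match the address
    # Policy assumed by this example: the data channel must go back to the host
    # that owns the control channel, and only to an unprivileged port.
    if addr != ipaddress.ip_address(client_addr) or not 1024 <= port <= 65535:
        return None
    return ("tcp", str(addr), port)


def sip_pinholes(sdp_body):
    """State entries for the RTP streams announced in an SDP body."""
    session_addr, media = None, []
    for line in sdp_body.splitlines():
        parts = line.split()
        if line.startswith("c=IN IP") and len(parts) >= 3:
            addr = parts[2].split("/")[0]
            if media:
                media[-1][1] = addr   # media-level c= overrides the session one
            else:
                session_addr = addr
        elif line.startswith("m=") and len(parts) >= 3 and parts[1].isdigit():
            media.append([int(parts[1]), session_addr, parts[2]])
    return [("udp", a, p) for p, a, proto in media
            if a and p and proto.startswith("RTP/")]


# Constructed sample payloads (documentation prefix 2001:db8::/32)
EPRT = "EPRT |2|2001:db8::10|50000|\r\n"
SDP = ("v=0\r\nc=IN IP6 2001:db8::20\r\nm=audio 49170 RTP/AVP 0\r\n"
       "m=video 51372 RTP/AVP 31\r\nc=IN IP6 2001:db8::21\r\n")

if __name__ == "__main__":
    print(ftp_pinhole(EPRT, "2001:db8::10"))
    print(sip_pinholes(SDP))
```

Neither function modifies a packet; both only derive the extra flows a stateful filter would have to permit for the session to work.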
