Cool IPv6 Stuff

• Previous message (by thread): Cool IPv6 Stuff
• Next message (by thread): Cool IPv6 Stuff
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 5-jun-2007, at 4:29, Adrian Chadd wrote:

>> Don't forget that the reason NAT works to the degree that it does
>> today is because of all the workarounds in applications or protocol-
>> specific workarounds in the NATs (ALGs). In IPv6, you don't have any
>> of this stuff, so IPv6 NAT gets you nowhere fast with any protocol
>> that does more than something HTTP-like. (Yes, I've tried it.)

> Won't stateful firewalls have similar issues? Ie, if you craft a  
> stateful
> firewall to allow an office to have real IPv6 addresses but not to  
> allow
> arbitrary connections in/out (ie, the "stateful" bit), won't said  
> stateful
> require protocol tracking modules with similar (but not -as-)  
> complexity
> to the existing NAT modules?

I'm afraid so, yes.

http://arstechnica.com/articles/paedia/ipv6-firewall-mixed-blessing.ars

• Previous message (by thread): Cool IPv6 Stuff
• Next message (by thread): Cool IPv6 Stuff
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]