Cool IPv6 Stuff
Iljitsch van Beijnum
iljitsch at muada.com
Wed Jun 6 07:48:36 UTC 2007
On 5-jun-2007, at 4:29, Adrian Chadd wrote:
>> Don't forget that the reason NAT works to the degree that it does
>> today is because of all the workarounds in applications or protocol-
>> specific workarounds in the NATs (ALGs). In IPv6, you don't have any
>> of this stuff, so IPv6 NAT gets you nowhere fast with any protocol
>> that does more than something HTTP-like. (Yes, I've tried it.)
> Won't stateful firewalls have similar issues? Ie, if you craft a
> stateful
> firewall to allow an office to have real IPv6 addresses but not to
> allow
> arbitrary connections in/out (ie, the "stateful" bit), won't said
> stateful
> require protocol tracking modules with similar (but not -as-)
> complexity
> to the existing NAT modules?
I'm afraid so, yes.
http://arstechnica.com/articles/paedia/ipv6-firewall-mixed-blessing.ars
More information about the NANOG
mailing list