v6 & DSL / Cable modems [was: Private use of non-RFC1918 IP space
jfbeam at gmail.com
Mon Feb 9 16:11:25 CST 2009
On Sat, 07 Feb 2009 14:31:57 -0500, Stephen Sprunk <stephen at sprunk.org>
> Non-NAT firewalls do have some appeal, because they don't need to mangle
> the packets, just passively observe them and open pinholes when
This is exactly the same with NAT and non-NAT -- making any anti-NAT
In the case of NAT, the "helper" has to understand the protocol to know
what traffic to map.
In the case of a stateful firewalling ("non-NAT"), the "helper" has to
understand the protocol to know what traffic to allow.
Subtle difference, but in the end, the same thing... if your gateway
doesn't know what you are doing, odds are it will interfere with it. In
all cases, end-to-end transparency doesn't exist. (as has been the case
for well over a decade.)
More information about the NANOG