v6 & DSL / Cable modems [was: Private use of non-RFC1918 IP space
owen at delong.com
Mon Feb 9 22:44:45 UTC 2009
On Feb 9, 2009, at 2:11 PM, Ricky Beam wrote:
> On Sat, 07 Feb 2009 14:31:57 -0500, Stephen Sprunk
> <stephen at sprunk.org> wrote:
>> Non-NAT firewalls do have some appeal, because they don't need to
>> the packets, just passively observe them and open pinholes when
> This is exactly the same with NAT and non-NAT -- making any anti-NAT
> arguments null.
And making the PRO-NAT arguments in this respect equally NULL.
This was being touted as a benefit of NAT, not a reason not to do NAT.
Your statement proves my point... It is NOT a reason to do NAT or a
benefit derived from NAT.
> In the case of NAT, the "helper" has to understand the protocol to
> know what traffic to map.
> In the case of stateful firewalling ("non-NAT"), the "helper" has
> to understand the protocol to know what traffic to allow.
> Subtle difference, but in the end, the same thing... if your gateway
> doesn't know what you are doing, odds are it will interfere with
> it. In all cases, end-to-end transparency doesn't exist. (as has
> been the case for well over a decade.)
Right. This is the counterpoint to the argument that NAT is needed.
now agreed that it is not.
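
The point both posters converge on, as an added example that is not part of the original thread: whether the gateway translates or only filters, its helper must parse the application protocol. FTP active mode's PORT command is an assumed choice of protocol (the thread names none), the addresses are documentation ranges, and the function names are hypothetical.

```python
import re

# Constructed sample: the control-channel line an FTP client sends in active mode.
SAMPLE = "PORT 192,0,2,10,195,80\r\n"  # 192.0.2.10, port 195*256+80 = 50000

PORT_RE = re.compile(r"^PORT " + ",".join([r"(\d{1,3})"] * 6) + r"\r\n$")

def parse_port(line):
    """Return the (ip, port) announced in an FTP PORT command, or None."""
    m = PORT_RE.match(line)
    if not m:
        return None
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        return None
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]

def firewall_helper(line, client_ip):
    """Stateful firewall: payload passes unchanged; returns the pinhole to open."""
    ep = parse_port(line)
    # Unparsed protocol, or an address that is not the sender's: no pinhole.
    if ep is None or ep[0] != client_ip:
        return line, None
    return line, {"allow_to": ep}

def nat_helper(line, client_ip, public_ip, public_port):
    """NAT: the same parse, but the payload is rewritten and a mapping created."""
    ep = parse_port(line)
    if ep is None or ep[0] != client_ip:
        return line, None
    new = "PORT %s,%d,%d\r\n" % (
        public_ip.replace(".", ","), public_port >> 8, public_port & 0xFF)
    return new, {"map": ((public_ip, public_port), ep)}

if __name__ == "__main__":
    print(firewall_helper(SAMPLE, "192.0.2.10"))
    print(nat_helper(SAMPLE, "192.0.2.10", "203.0.113.5", 40000))
    # A line neither helper understands yields no pinhole and no mapping,
    # so the data connection it would have set up is dropped in both designs.
    print(firewall_helper("XFOO 1,2\r\n", "192.0.2.10"))
```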