v6 & DSL / Cable modems [was: Private use of non-RFC1918 IP space

Mark Newton newton at internode.com.au
Mon Feb 9 17:58:47 CST 2009


On 10/02/2009, at 10:17 AM, Owen DeLong wrote:
>>
>> Sure, but at the end of the day a non-NAT firewall is just a  
>> special case
>> of NAT firewall where the "inside" and "outside" addresses happen to
>> be the same.
>
> Uh, that's a pretty twisted view.  I would say that NAT is a special
> additional capability of the firewall which mangles the address(es)
> in the packet.  I would not regard passing the address unmangled
> as a "special case" of mangling.

You're passing a value judgement on NAT, using loaded terms like  
"mangling"
and "twisted".

Fine, you don't like rewriting L3 addresses and L4 port numbers.  Yep,
I get that.  Relevance?

> In terms of implementing the code, sure, the result is about the same,
> but, the key point here is that there really isn't a benefit to  
> having that
> packet mangling code in IPv6.

There is if you have a dual-stack device, your L4-and-above protocols
are the same under v4 and v6, and you don't want to reinvent the ALG  
wheel.

   - mark

--
Mark Newton                               Email:  newton at internode.com.au 
  (W)
Network Engineer                          Email:   
newton at atdot.dotat.org  (H)
Internode Pty Ltd                         Desk:   +61-8-82282999
"Network Man" - Anagram of "Mark Newton"  Mobile: +61-416-202-223









More information about the NANOG mailing list