quietly....

Jay Ashworth jra at baylink.com
Thu Feb 3 10:29:01 CST 2011


----- Original Message -----
> From: "Jon Lewis" <jlewis at lewis.org>

> There's an awful lot of inertia in the "NAPT/firewall keeps our hosts
> safe from the internet" mentality. Sure, a stateful firewall can be
> configured to allow all outbound traffic and only connected/related
> inbound.

> When someone breaks or shuts off that filter, traffic through the NAPT
> firewall stops working. On the stateful firewall with public IPs on
> both sides, everything works...including the traffic you didn't want.

Precisely.

This is the crux of the argument I've been trying, rather ineptly,
to make: when it breaks, *which way does it fail*.  NAT fails safe,
generally.

> People are going to want NAT66...and not providing it may slow down
> IPv6 adoption.

You're using the future tense there, Jon; are you sure you didn't mean
to use the present?  Or the past...?

Cheers,
-- jra



