quietly....
Jay Ashworth
jra at baylink.com
Thu Feb 3 16:29:01 UTC 2011
----- Original Message -----
> From: "Jon Lewis" <jlewis at lewis.org>
> There's an awful lot of inertia in the "NAPT/firewall keeps our hosts
> safe from the internet" mentality. Sure, a stateful firewall can be
> configured allow all outbound traffic and only connected/related
> inbound.
> When someone breaks or shuts off that filter, traffic through the NAPT
> firewall stops working. On the stateful firewall with public IPs on
> both sides, everything works...including the traffic you didn't want.
Precisely.
This is the crux of the argument I've been trying, rather ineptly,
to make: when it breaks, *which way does it fail*. NAT fails safe,
generally.
> People are going to want NAT66...and not providing it may slow down
> IPv6 adoption.
You're using the future tense there, Jon; are you sure you didn't mean
to use the present? Or the past...?
Cheers,
-- jra
More information about the NANOG
mailing list