IPv6 - real vs theoretical problems

William Herrin bill at herrin.us
Fri Jan 7 20:49:15 CST 2011

On Fri, Jan 7, 2011 at 9:00 PM, Dobbins, Roland <rdobbins at arbor.net> wrote:
> On Jan 8, 2011, at 8:54 AM, William Herrin wrote:
>> I presume you don't intend us to conclude that a bastion
>> host firewall provides no security benefit to the equipment it
>> protects.
> If it's protecting workstations, yes, it has some positive security value - but not due to NAT.

Hi Roland,

I see. Would I misstate your view if I characterized it as:

"A bastion host firewall which simulates identical IP addresses on
both sides provides at least as effective security as an otherwise
identical firewall which does not."

Bill Herrin

William D. Herrin ................ herrin at dirtside.com  bill at herrin.us
3005 Crane Dr. ...................... Web: <http://bill.herrin.us/>
Falls Church, VA 22042-3004

More information about the NANOG mailing list