Mailinglist Archive: opensuse (1826 mails)

< Previous Next >
Re: [opensuse] Moving to IPv6
  • From: James Knott <james.knott@xxxxxxxxxx>
  • Date: Thu, 09 Sep 2010 16:22:19 -0400
  • Message-id: <4C8941FB.8010506@xxxxxxxxxx>
Anders Johansson wrote:
On Thursday 09 September 2010, James Knott wrote:
Using NAT, for outgoing traffic is simple. However, as soon as you want
remote access to computers behind your firewall, things get
"interesting". There is no simple way to access multiple computers with
the same protocol. You have to resort to tricks such as non-standard
ports, or, as you mentioned in another note, relaying ssh. A VPN will
work (assuming no NAT address clash), but you might not have one handy.
It might also be blocked by the local firewall.
Are you seriously suggesting that having a firewall is a problem, and that
anything less than complete, unrestricted and unauthenticated access to the
LAN is in some sense broken?
No, it's not a problem. However, I have experienced having a VPN blocked from the local public library, where free WiFi is available. Unfortunately, they also block the IPv6 tunnel. In some situations, where security is a concern, you'd want to block VPNs, as they'd be a security hole. On the other hand why bother on a publicly available network, as happens at the library (you only require a library card to use it). Of course, if I'm worried about getting past a firewall, all I have to do is fire up my Nexus One, tether to it (via WiFi or USB), and get out that way.
I don't think this is what you want to say, but it certainly sounds as though
those are the words you choose. Somehow I don't think you would argue like
this on other topics that didn't involve NAT.

Quite so, firewalls are an important part of security. They just have to be configured appropriately to the needs.
--
To unsubscribe, e-mail: opensuse+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse+help@xxxxxxxxxxxx

< Previous Next >
This Thread