Mailinglist Archive: opensuse (1826 mails)

Re: [opensuse] Moving to IPv6
  • From: James Knott <james.knott@xxxxxxxxxx>
  • Date: Thu, 09 Sep 2010 16:47:17 -0400
  • Message-id: <4C8947D5.5050202@xxxxxxxxxx>
Anton Aylward wrote:
James Knott said the following on 09/09/2010 12:33 PM:

Using NAT, for outgoing traffic is simple.

Which is the 90% case for home computing, and that is getting to be a
major load on the 'Net.

One of the cable companies in my part of the world has announced PVRs that can be programmed remotely via the internet. What does said home user do now? What if he has two or more PVRs? Other appliances are coming which consumers may want to access from outside the home. Lots of people have media servers now. What about them?

Most home users don't have the technical sophistication to configure a
firewall, v4 or v6, and don't need inbound access.

The point here is that your arguments about peer-to-peer connectivity do
not apply to them.

And they probably neither want nor can afford a cluster of IPv4
addresses.[1]

In fact, when I think about it, they don't apply in a lot of corporate
settings either. Many organisations don't want to allow inbound access
to just any machine, and 'un-routable' subnets are useful for that :-)

"Support" you say? Well Per Jensen showed how to ssh through NAT. I've
BTDT myself for support, and also in a M$ environment. I know of quite
a few Big Name Corporations that use NAT - not for their whole
organization but certainly for an isolated subnet.

James: I think you are (a) underestimating the utility value of NAT and
so condemning it even for IPv4 and (b) assuming every user of the 'Net
has your degree of technical sophistication.

NAT produces zero benefit over a properly configured firewall. It does cause problems for many genuine needs.

[1] Yes, IPv6 addresses will be as available and cheap as the nuclear
electricity we were promised back in the late '40s and early '50s. But
the reality is that letting Joe Sixpack expose all his internal home
devices so they can 'peer-to-peer' with anything else on the 'Net will
be a security nightmare.

Already some devices can talk to firewall routers, to open a port to them. There's no reason why that shouldn't continue with or without NAT. Not using NAT makes it easier for multiple devices.

