Mailinglist Archive: opensuse (1777 mails)

< Previous Next >
Re: [opensuse] Moving to IPv6
  • From: Adam Tauno Williams <awilliam@xxxxxxxxxxxxx>
  • Date: Thu, 09 Sep 2010 16:55:54 -0400
  • Message-id: <1284065754.3942.79.camel@xxxxxxxxxxxxxxx>
On Thu, 2010-09-09 at 16:45 -0400, dwgallien wrote:

Btw, seems that this discussion has moved to the religious debate stage.
Can we at least hold off the snark?

Perhaps it sounds that way, but Adam is correct on all technical points
and so he should absolutely not allow anyone to get the idea that the
dissenting opinions hold any water if he cares about accuracy of
documentation and the safety of others.
If the inarguability of facts looks like the unshakability of faith,
well that's just too bad for those who practice faith in things other
than facts.
Why should he or anyone else care if anyone else understands the issues
here? Because unfortunately none of us exists alone. One cannot simply
opt to do the right thing while allowing others to be stupid if they
want. I can't use .odt, .ogg, and .ogv files which would be better for
_everyone_ if we all did, because too many of the people I must interact
with don't understand and don't care why they should not use .xls, .mp3,
and h264 files because as far as they can tell it "works for them".
When too many people don't understand something and/or don't care to
even try to understand, then the broken system that popularity==validity
results in the knowledgeable minority being forced by circumstances
outside their control to live with, participate in, and even commit,
broken crap themselves even though they know better and are willing to
do better.
That's fine, it seems I was not clear:
My comment was a general one re a nbr of the posts, not directed towards
anyone in particular. I thought that was implied.

Well, when I said "It seems a lot of people are very much confusing the
functionality of a router, a firewall, and NAT." I meant exactly that;
no snark intended. The comments about NAT *clearly* indicate a failure
to distinguish between NAT, firewall, and routing [three different
capabilities].

Routing - moving packets. IPv6 allows 'normal' routing between any two
points [which NAT breaks].

Firewalls - control access [not NAT]. Being routable [and theoretically
reachable] is not the same as being accessible. Most "firewalls"
support NAT, that doesn't make a firewall and NAT the same thing.
Firewalls can be positioned at *routed* ingress/egress points, so the
every-device-must-be-firewalled arguement is bogus [although it isn't a
bad idea - even in an IPv4 NAT'd world].

NAT - a hack to allow use of private IPv4 ranges to access resources
outside the local subnet. NAT breaks good things like GRE tunnels, and
SCTP [anyone want a faster Internet?] - even outgoing, it isn't just an
inbound issue. NAT breaks the topology, and if the address-space
constraint is removed - adds nothing.

<http://www.faqs.org/rfcs/rfc1627.html>
<http://www.cs.utk.edu/~moore/what-nats-break.html>

A technical debate on the facts and perceived merits is welcome. However, it
is neither advanced nor enhanced by language that personalizes, condescends,
or insults.
I was just hoping to calm the waters a bit. Apparently I failed, so let's
leave it at that.


--
To unsubscribe, e-mail: opensuse+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse+help@xxxxxxxxxxxx

< Previous Next >
This Thread
Follow Ups