Mailinglist Archive: opensuse (1837 mails)

< Previous Next >
Re: [opensuse] Moving to IPv6
  • From: Anton Aylward <anton.aylward@xxxxxxxxxx>
  • Date: Fri, 10 Sep 2010 08:37:44 -0400
  • Message-id: <4C8A2698.7050407@xxxxxxxxxx>
Per Jessen said the following on 09/10/2010 02:23 AM:
James Knott wrote:

Anders Johansson wrote:
Maybe you're not really listening to yourself, but that is exactly
what you're saying. "With IPv6, I don't have to open up multiple
ports in the firewall to get to internal machines, everything is
directly available".

I suspect you're misreading something. Our point is that with NAT,
when you want to access multiple computers with the same protocol, you
have to resort to non-standard ports or ssh relaying.

And _that_ is the crux of "NAT is broken in a number of ways"? James, I
guess it's matter of wording, but to me the above doesn't mean broken,
at worst it's a very slight disadvantage.

Indeed. From the application programmer's POV its just another API
parameter.

Like I started out saying, I think that NAT, despite rumours of "being
broken in a number of ways", works remarkably well.

It fulfils the objectives of RFC1918 for devices that do not unfettered
peer-to-peer access across the 'Net very well. As a number of us have
pointed out, for SMBs local access dominates.


--
"Security is a chain within the infrastructure and is as secure as its
weakest link. It is not a product nor a series of technologies but a
process of solutions measured against the business needs of the
organization." -- Walter S. Kobus, Jr., CISM CISSP IAM
--
To unsubscribe, e-mail: opensuse+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse+help@xxxxxxxxxxxx

< Previous Next >
This Thread
Follow Ups