On Thu, 2010-09-09 at 20:02 +0200, Anders Johansson wrote:
On Thursday 09 September 2010, James Knott wrote:
Using NAT, for outgoing traffic is simple. However, as soon as you want remote access to computers behind your firewall, things get "interesting". There is no simple way to access multiple computers with the same protocol. You have to resort to tricks such as non-standard ports, or, as you mentioned in another note, relaying ssh. A VPN will work (assuming no NAT address clash), but you might not have one handy. It might also be blocked by the local firewall. Are you seriously suggesting that having a firewall is a problem
No, I don't read that in the above text at all.
, and that anything less than complete, unrestricted and unauthenticated access to the LAN is in some sense broken?
Nothing said above isn't fact. With IPv4+NAT: * There is no simple way to access multiple computers with the same protocol. * You have to resort to tricks such as non-standard ports, * A VPN will work - assuming no NAT address clash I agree the "It might also be blocked by the local firewall" statement is confusing. It doesn't invalidate any of the other statements. With a firewall'd IPv6 network you just say - permit inbound :80. Done. No need to port forward 80 on the external interface to A.B.C.D:80 on some internal host. Or you can say permit inbound :80 just to A.B.C.D.E.F. And if you want to access port 80 on two machines - no problem. No need to have one be :80 and the other :81 as is required with NAT (and makes for hackish URLs). -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org