James Knott said the following on 09/09/2010 12:33 PM:
Using NAT, for outgoing traffic is simple.
Which is the 90% case for home computing, and that is getting to be a major load on the 'Net. Most home users don't have the technical sophistication to configure a firewall, v4 or v6, and don't need inbound access. The point here is that your arguments about peer-to-peer connectivity do not apply to them. And they probably neither want nor can afford a cluster of IPv4 addresses.[1] In fact, when I think about it, they don't apply in a lot of corporate settings either. Many organisations don't want to allow inbound access to just any machine, and 'un-routable' subnets are useful for that :-) "Support" you say? Well Per Jensen showed how to ssh though NAT. I've BTDT myself for support, and also in a M$ environment. I know of quite a few Big Name Corporations that use NAT - not for their whole organization but certainly for an isolated subnet. James: I think you are (a) underestimating the utility value of NAT and so condemning it even for IPv4 and (b) assuming every user of the 'Net has your degree of technical sophistication. [1] Yes, IPv6 addresses will be as available and cheap as the nuclear electricity we were promised back in the late '40s and early '50s. But the reality is that letting Joe Sixpack expose all his internal home devices so they can 'peer-to-peer' with anything else on the 'Net will be a security nightmare. -- The scientific name for an animal that doesn't either run from or fight its enemies is lunch. - Michael Friedman -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org