Anton Aylward wrote:
James Knott said the following on 09/09/2010 12:33 PM:
Using NAT, for outgoing traffic is simple.
Which is the 90% case for home computing, and that is getting to be a major load on the 'Net.
One of the cable companies in my part of the world has announced PVRs that can be programmed remotely via the internet. What does said home user do now? What if he has two or more PVRs? Other appliances are coming which consumers may want to access from outside the home. Lots of people have media servers now. What about them?
Most home users don't have the technical sophistication to configure a firewall, v4 or v6, and don't need inbound access.
The point here is that your arguments about peer-to-peer connectivity do not apply to them.
And they probably neither want nor can afford a cluster of IPv4 addresses.[1]
In fact, when I think about it, they don't apply in a lot of corporate settings either. Many organisations don't want to allow inbound access to just any machine, and 'un-routable' subnets are useful for that :-)
"Support" you say? Well, Per Jensen showed how to ssh through NAT. I've BTDT myself for support, and also in a M$ environment. I know of quite a few Big Name Corporations that use NAT - not for their whole organization but certainly for an isolated subnet.
James: I think you are (a) underestimating the utility value of NAT and so condemning it even for IPv4 and (b) assuming every user of the 'Net has your degree of technical sophistication.
NAT produces zero benefit over a properly configured firewall. It does cause problems for many genuine needs.
[1] Yes, IPv6 addresses will be as available and cheap as the nuclear electricity we were promised back in the late '40s and early '50s. But the reality is that letting Joe Sixpack expose all his internal home devices so they can 'peer-to-peer' with anything else on the 'Net will be a security nightmare.
Already some devices can talk to firewall routers, to open a port to them. There's no reason why that shouldn't continue with or without NAT. Not using NAT makes it easier for multiple devices.