Per Jessen said the following on 09/10/2010 02:23 AM:
James Knott wrote:
Anders Johansson wrote:
Maybe you're not really listening to yourself, but that is exactly what you're saying. "With IPv6, I don't have to open up multiple ports in the firewall to get to internal machines, everything is directly available".
I suspect you're misreading something. Our point is that with NAT, when you want to access multiple computers with the same protocol, you have to resort to non-standard ports or ssh relaying.
And _that_ is the crux of "NAT is broken in a number of ways"? James, I guess it's a matter of wording, but to me the above doesn't mean broken, at worst it's a very slight disadvantage.
Indeed. From the application programmer's POV it's just another API parameter.
Like I started out saying, I think that NAT, despite rumours of "being broken in a number of ways", works remarkably well.
It fulfils the objectives of RFC1918 for devices that do not need unfettered peer-to-peer access across the 'Net very well. As a number of us have pointed out, for SMBs local access dominates.
--
"Security is a chain within the infrastructure and is as secure as its weakest link. It is not a product nor a series of technologies but a process of solutions measured against the business needs of the organization."
-- Walter S. Kobus, Jr., CISM CISSP IAM