Anders Johansson wrote:
On Thursday 09 September 2010, James Knott wrote:
Using NAT for outgoing traffic is simple. However, as soon as you want remote access to computers behind your firewall, things get "interesting". There is no simple way to access multiple computers with the same protocol. You have to resort to tricks such as non-standard ports, or, as you mentioned in another note, relaying ssh. A VPN will work (assuming no NAT address clash), but you might not have one handy. It might also be blocked by the local firewall.
Are you seriously suggesting that having a firewall is a problem, and that anything less than complete, unrestricted and unauthenticated access to the LAN is in some sense broken?
No, it's not a problem. However, I have experienced having a VPN blocked from the local public library, where free WiFi is available. Unfortunately, they also block the IPv6 tunnel. In some situations, where security is a concern, you'd want to block VPNs, as they'd be a security hole. On the other hand, why bother on a publicly available network, as happens at the library (you only require a library card to use it)? Of course, if I'm worried about getting past a firewall, all I have to do is fire up my Nexus One, tether to it (via WiFi or USB), and get out that way.
I don't think this is what you want to say, but it certainly sounds as though those are the words you choose. Somehow I don't think you would argue like this on other topics that didn't involve NAT.
Quite so, firewalls are an important part of security. They just have to be configured appropriately to the needs.