On Thu, 2010-09-09 at 13:43 -0400, John E. Perry wrote:
On 09/08/2010 05:33 PM, Adam Tauno Williams wrote:
Golly - NAT IS NOT A SECURITY MEASURE! How many times does that have to be said to sink in?
So what? I've never run across a router that wasn't also a pretty decent firewall. My present Netgear Wifi router makes me invisible to the public Internet, and that's the way I like it. Using WPA/PSK makes me close enough to safe from wardrivers for my purposes. Yeah, if I stored a lot of critical information on my wife's Windows computers, and if I were important enough or rich enough to make it worth some crook's while to attack me, I could see the need for more.
Desirable perhaps, but not practical.
Why? Firewalls are cheap and abundant. It is extremely practical and [I hope] common practice. It is legally required in many circumstances.
So what? I don't want to have to maintain separate external firewalls for
Eh? Who said to do that? You operate a firewall on your router, just like you operate your NAT, only it is just a firewall'd router [not a firewall router and a bunch of NAT hacks].
Internet<---->(IPv6 firewall/router)<--->(IPv6 network)
instead of
Internet<---->(IPv6 firewall/router+NAT)<--->(IPv6 network)
That's it. It is categorically simpler. Firewall blocks all incoming connections - Done. Which is essentially what people on this list _believe_ NAT is doing currently.
I was really worried about IPv6 when this topic came up a few months ago, thinking it would make it much harder for me to maintain what I have now.
It won't, it will be much easier.
But the (restricted address?) feature, that makes it possible for me to keep an internal local network, still invisible to the outside world, relieved my apprehensions in that respect.
True, and with IPv6 it is much simpler to have multiple addresses and subnets on an interface.
Breaking some protocols, true, ftp is something that was broken from the start
Why? Nothing is broken about FTP. NAT breaks it. Don't claim a protocol is broken because it breaks when used with a hack. By that logic Open Office is "broken" because MS-Word can't open an ODT file.
NAT is just a pain, and a pointless one.
For you, maybe, as a professional systems administrator. For me, as a simple-minded home user, it's a blessing
Why on earth do you believe that? NAT isn't doing *anything* but hacking around an IPv4 limitation. Operationally under IPv6 you only have a simpler network - and just as much privacy.
. And only the (restricted address?) feature saves me from major problems when I have to go to IPv6.
I don't see how, but OK.
I'm now pretty much neutral as to when v6 happens for me. But this silliness of IPv4 NAT being a Bad Thing for everyone irritates me.
It is a bad thing, FACT, full-stop. Because a breakage [limitation] doesn't apply to you doesn't make it "contrived", "bogus", "false", or anything else. Firewalls good, NAT bad. It seems a *lot* of people are very much confusing the functionality of a router, a firewall, and NAT. A firewall is what protects you - not NAT.
<http://www.cs.utk.edu/~moore/what-nats-break.html>
<http://www.faqs.org/rfcs/rfc1627.html>
It is a necessary evil now, it will be a better network when it is gone.
My router with dhcp makes NAT and firewalling Just Work for me and mine. You want v6; fine. I'll have to go to it soon; fine. --that is, now that I'm pretty sure v6 won't impose a huge new workload on my home networking arrangement.