On 12/16/2014 01:52 PM, John Andersen wrote:
On 12/16/2014 09:08 AM, James Knott wrote:
With IPv6 and it's incredible number of public unicast addresses, NAT & STUN are not needed.
Oh yes they are needed.
You think firewalls are going away just because we have lots of address space?
STUN is only PART (a very small part) of the process. Stun just gets addresses of the end firewall of the end points. Thats all it does. It is not a transport.
I thought that is what I was saying in that STUN isn't necessary with public addresses. STUN provides the NAT firewall address, when the devices would normally provide actual addresses. Once the other end has the firewall address, the NAT transversal kicks in and sends the incoming packets to the destination device. Without NAT, the need for STUN disappears. This is completely different from the function of opening a firewall to allow the traffic. You seem to be one of those who confuses NAT with firewall filtering. As I mentioned, NAT is a hack to work around the IPv4 address shortage. It should not be considered a means of security, in that it provides nothing that a properly configured firewall can't in that regard. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org