On 12/16/2014 02:35 PM, John Andersen wrote:
TURN is another hack to get past NAT.
No, TURN is another hack to get past firewalls. NAT isn't even part of the issue here.
Please read that article you linked to. I previously posted a quote from it that says the opposite of what you claim.
You seem to be laboring under the delusion you are going to be connecting each workstation directly to the internet backbone once ipv6 comes along.
No, I have never made such a claim. IPv6 supports a variety of IP address scopes, that include routable to the Internet, routable only within an organization, similar to RFC1918 IPv4 addresses and non-routable, similar to link local addresses in the 169.254.0.0/16 range. You pick the ones suitable for your needs.
You, sir, are in for a rude awakening. Firewalls are not going anywhere soon.
I have never made that claim. It's NAT that will disappear with IPv6, as it's no longer needed. You just confirmed what I said earlier, when I suspected you were confusing NAT with firewalls. Firewalls control what traffic is allowed to pass. NAT allows multiple devices to share a single address. These are two completely different functions that are often combined in the same box. As I mentioned in another message, a deny all firewall is every bit as effective as NAT at blocking incoming traffic. On the other hand, NAT causes problems if you have multiple devices offering services that you want to reach from the Internet. If you have, for example, 2 web servers, you can't have both on port 80. With NAT you can only forward a protocol to one computer and use a non-standard port number to access the 2nd. As I said NAT breaks things. With public addresses on both computers, you only have to configure the firewall to pass the traffic to the appropriate computer, without messing with non-standard port numbers. It is easy to do and in fact easier than configuring NAT to deal with non-standard port numbers. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org