On 09/08/2010 05:33 PM, Adam Tauno Williams wrote:
Golly - NAT IS NOT A SECURITY MEASURE! How many times does that have to be said to sink in?
So what? I've never run across a router that wasn't also a pretty decent firewall. My present Netgear Wifi router makes me invisible to the public Internet, and that's the way I like it. Using WPA/PSK makes me close enough to safe from wardrivers for my purposes. Yeah, if I stored a lot of critical information on my wife's Windows computers, and if I were important enough or rich enough to make it worth some crook's while to attack me, I could see the need for more.
Desirable perhaps, but not practical.
Why? Firewalls are cheap and abundant. It is extremely practical and [I hope] common practice. It is legally required in many circumstances.
So what? I don't want to have to maintain separate external firewalls for -my laptop -my work laptop -my wife's work laptop -my network printer (IPv4 only) -our home desktop -our 3 sons' laptops when they visit -our son's wife's laptop when she visits I was really worried about IPv6 when this topic came up a few months ago, thinking it would make it much harder for me to maintain what I have now. But the (restricted address?) feature, that makes it possible for me to keep an internal local network, still invisible to the outside world, relieved my apprehensions in that respect.
Breaking some protocols, true, ftp is something that was broken from the start and the fact that it does not work well with nat is hardly the end of the world.
...of no concern at all to me personally, since I neither need nor want outside access to my home network. I carry all my information with me when I travel, and have no need for external access.
NAT is just a pain, and a pointless one.
For you, maybe, as a professional systems administrator. For me, as a simple-minded home user, it's a blessing. And only the (restricted address?) feature saves me from major problems when I have to go to IPv6. I'm now pretty much neutral as to when v6 happens for me. But this silliness of IPv4 NAT being a Bad Thing for everyone irritates me. My router with dhcp makes NAT and firewalling Just Work for me and mine. You want v6; fine. I'll have to go to it soon; fine. --that is, now that I'm pretty sure v6 won't impose a huge new workload on my home networking arrangement. John Perry -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org