North American Network Operators Group


Re: Cool IPv6 Stuff

  • From: Iljitsch van Beijnum
  • Date: Wed Jun 06 06:58:26 2007


On 5-jun-2007, at 4:29, Adrian Chadd wrote:


Don't forget that the reason NAT works to the degree that it does
today is because of all the workarounds in applications or protocol-
specific workarounds in the NATs (ALGs). In IPv6, you don't have any
of this stuff, so IPv6 NAT gets you nowhere fast with any protocol
that does more than something HTTP-like. (Yes, I've tried it.)

Won't stateful firewalls have similar issues? Ie, if you craft a stateful
firewall to allow an office to have real IPv6 addresses but not to allow
arbitrary connections in/out (ie, the "stateful" bit), won't said stateful
require protocol tracking modules with similar (but not -as-) complexity
to the existing NAT modules?

I'm afraid so, yes.


http://arstechnica.com/articles/paedia/ipv6-firewall-mixed-blessing.ars
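
The point made in this exchange, as an added example that is not part of the original post: a toy stateful IPv6 filter with no NAT still drops the data connection of a protocol that negotiates a second flow in-band, unless it carries a protocol tracking module. Active-mode FTP with the RFC 2428 `EPRT` command is an assumed illustration (the thread names no specific protocol); the class, function names and addresses are hypothetical.

```python
import ipaddress
import re

# RFC 2428: EPRT |2|<ipv6-address>|<tcp-port>|   (address family 2 = IPv6)
EPRT = re.compile(r"^EPRT \|2\|([0-9A-Fa-f:.]+)\|(\d{1,5})\|$")

class StatefulFilter:
    """Toy model: inside hosts may open flows, outside hosts may only answer them."""
    def __init__(self, ftp_helper=False):
        self.ftp_helper = ftp_helper
        self.flows = set()     # (inside_ip, inside_port, outside_ip, outside_port)
        self.expected = set()  # (inside_ip, inside_port, outside_ip) set by the helper

    def outbound(self, src, sport, dst, dport, payload=""):
        self.flows.add((src, sport, dst, dport))
        m = EPRT.match(payload.strip()) if self.ftp_helper and dport == 21 else None
        if m:
            try:
                same_host = ipaddress.ip_address(m.group(1)) == ipaddress.ip_address(src)
            except ValueError:
                same_host = False
            port = int(m.group(2))
            # Only honour an EPRT naming the sender itself and an unprivileged port.
            if same_host and 1024 <= port <= 65535:
                self.expected.add((src, port, dst))
        return "ACCEPT"

    def inbound(self, src, sport, dst, dport):
        if (dst, dport, src, sport) in self.flows:
            return "ACCEPT"                       # reply on an existing flow
        if (dst, dport, src) in self.expected:
            self.expected.discard((dst, dport, src))  # expectation is one-shot
            self.flows.add((dst, dport, src, sport))
            return "ACCEPT"
        return "DROP"

def active_ftp(helper):
    """Replay one constructed active-mode FTP session through the filter."""
    fw = StatefulFilter(ftp_helper=helper)
    client, server = "2001:db8:1::10", "2001:db8:2::21"  # documentation prefix
    fw.outbound(client, 40000, server, 21, "EPRT |2|2001:db8:1::10|50000|\r\n")
    reply = fw.inbound(server, 21, client, 40000)   # control-channel reply
    data = fw.inbound(server, 20, client, 50000)    # server opens the data channel
    stray = fw.inbound("2001:db8:3::66", 4444, client, 50000)  # unrelated host
    return reply, data, stray

if __name__ == "__main__":
    print("no helper:  ", active_ftp(False))
    print("with helper:", active_ftp(True))
```

The helper has to parse application payload and open a temporary pinhole, which is the same kind of work a NAT ALG does minus the address rewriting.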