North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Cool IPv6 Stuff

  • From: Iljitsch van Beijnum
  • Date: Wed Jun 06 06:58:26 2007

On 5-jun-2007, at 4:29, Adrian Chadd wrote:

Don't forget that the reason NAT works to the degree that it does
today is because of all the workarounds in applications or protocol-
specific workarounds in the NATs (ALGs). In IPv6, you don't have any
of this stuff, so IPv6 NAT gets you nowhere fast with any protocol
that does more than something HTTP-like. (Yes, I've tried it.)

Won't stateful firewalls have similar issues? Ie, if you craft a stateful
firewall to allow an office to have real IPv6 addresses but not to allow
arbitrary connections in/out (ie, the "stateful" bit), won't said stateful
require protocol tracking modules with similar (but not -as-) complexity
to the existing NAT modules?

I'm afraid so, yes.