[GRLUG] Regarding NAT and IPv6

Michael Mol mikemol at gmail.com
Fri Feb 10 11:47:39 EST 2012


On Fri, Feb 10, 2012 at 11:37 AM, megadave <megadave at gmail.com> wrote:
> <quote>NAT is also a piece of crap as it breaks certain protocols (for
> clear example look at FTP in the early days), and kills the entire
> idea of peer to peer reachability and end to end accountability (ever
> tried to track NAT'd connections through multiple translations at
> multiple sites, pain in the arse).</quote>
>
> I'd reply at that site, but I don't see how to do so...

Click "login or register" in the upper-right hand corner. Then you can comment.

>
> My comment on this would be, "Sometimes that is INTENTIONAL - it is
> the DESIRED result to have an 'internal' network which is not directly
> reachable by external hosts.

That's what conntrack and stateful firewalls are for. Your specific
position is addressed in these comments:

http://www.reddit.com/r/ipv6/comments/pj4ij/why_the_hate_for_nat66/c3psd0c

http://www.reddit.com/r/ipv6/comments/pj4ij/why_the_hate_for_nat66/c3ps3i3

http://www.reddit.com/r/ipv6/comments/pj4ij/why_the_hate_for_nat66/c3pskqs

> And quite frankly, any protocol which was
> developed once NAT became common (so ftp is off the hook) that doesn't
> work with NAT, is ITSELF broken, IMNSHO"

Broken because it doesn't work around unnecessary complexity? This is
called stifling innovation. I actually presented a few hypotheticals
for how NATless environments would be more useful than NATted ones:

http://www.reddit.com/r/ipv6/comments/pj4ij/why_the_hate_for_nat66/c3ptjrd

I'll be very glad to see widespread NAT dead and gone, even if it
takes ten years to get there.
-- 
:wq
