nanog mailing list archives
Re: Cool IPv6 Stuff
From: Iljitsch van Beijnum <iljitsch () muada com>
Date: Wed, 6 Jun 2007 09:48:36 +0200
On 5-jun-2007, at 4:29, Adrian Chadd wrote:
Don't forget that the reason NAT works to the degree that it does today is because of all the workarounds in applications or protocol- specific workarounds in the NATs (ALGs). In IPv6, you don't have any of this stuff, so IPv6 NAT gets you nowhere fast with any protocol that does more than something HTTP-like. (Yes, I've tried it.)
Won't stateful firewalls have similar issues? Ie, if you craft a stateful firewall to allow an office to have real IPv6 addresses but not to allow arbitrary connections in/out (ie, the "stateful" bit), won't said stateful require protocol tracking modules with similar (but not -as-) complexityto the existing NAT modules?
I'm afraid so, yes. http://arstechnica.com/articles/paedia/ipv6-firewall-mixed-blessing.ars
Current thread:
- Re: Cool IPv6 Stuff, (continued)
- Message not available
- Re: Cool IPv6 Stuff Jeroen Massar (Jun 01)
- Message not available
- Re: Cool IPv6 Stuff Jared Mauch (Jun 03)
- Re: Cool IPv6 Stuff Sam Stickland (Jun 04)
- Re: Cool IPv6 Stuff Adrian Chadd (Jun 04)
- Message not available
- Re: Cool IPv6 Stuff Sam Stickland (Jun 04)
- Re: Cool IPv6 Stuff Donald Stahl (Jun 04)
- Re: Cool IPv6 Stuff Iljitsch van Beijnum (Jun 04)
- Re: Cool IPv6 Stuff Adrian Chadd (Jun 04)
- Re: Cool IPv6 Stuff Donald Stahl (Jun 04)
- Re: Cool IPv6 Stuff Adrian Chadd (Jun 04)
- Re: Cool IPv6 Stuff Iljitsch van Beijnum (Jun 06)
- Re: Cool IPv6 Stuff Sam Stickland (Jun 04)
- Re: Cool IPv6 Stuff Joel Jaeggli (Jun 04)
- Re: Cool IPv6 Stuff Owen DeLong (Jun 04)
- Security gain from NAT (was: Re: Cool IPv6 Stuff) Jim Shankland (Jun 04)
- Re: Security gain from NAT (was: Re: Cool IPv6 Stuff) Joe Abley (Jun 04)
- Re: Security gain from NAT Sam Stickland (Jun 04)
- RE: Security gain from NAT Howard C. Berkowitz (Jun 04)
- Re: Security gain from NAT (was: Re: Cool IPv6 Stuff) Owen DeLong (Jun 04)
- Re: Security gain from NAT (was: Re: Cool IPv6 Stuff) Colm MacCarthaigh (Jun 04)
- Re: Security gain from NAT (was: Re: Cool IPv6 Stuff) Matthew Palmer (Jun 04)
- Re: Security gain from NAT (was: Re: Cool IPv6 Stuff) Donald Stahl (Jun 04)