Re: v6 & DSL / Cable modems [was: Private use of non-RFC1918 IP space

["Ricky Beam" <jfbeam () gmail com>]

On Sat, 07 Feb 2009 14:31:57 -0500, Stephen Sprunk <stephen () sprunk org>  
wrote:
> Non-NAT firewalls do have some appeal, because they don't need to mangle
> the packets, just passively observe them and open pinholes when
> appropriate.

This is exactly the same with NAT and non-NAT -- making any anti-NAT  
arguments null.

In the case of NAT, the "helper" has to understand the protocol to know  
what traffic to map.

In the case of a stateful firewalling ("non-NAT"), the "helper" has to  
understand the protocol to know what traffic to allow.

Subtle difference, but in the end, the same thing... if your gateway  
doesn't know what you are doing, odds are it will interfere with it.  In  
all cases, end-to-end transparency doesn't exist. (as has been the case  
for well over a decade.)

--Ricky