nanog mailing list archives
Re: quietly....
From: Jimmy Hess <mysidia () gmail com>
Date: Wed, 2 Feb 2011 23:10:22 -0600
On Wed, Feb 2, 2011 at 10:34 PM, Jay Ashworth <jra () baylink com> wrote: [snip]
> I won't run an edge-network that *isn't* NATted; my internal machines have no business having publicly routable addresses. No one has *ever* provided me with a serviceable explanation as to why that's an invalid view.
If you want to provide an edge network IPv6 connectivity with no routable address space, then use a proxy server / application layer gateway for every allowed application. SOCKS5 can be used to forward any TCP-based protocol, and most UDP protocols; other UDP protocols do not actually function correctly in NAT environments anyways (neither do protocols such as FTP which require client side to accept port bound connections).
There's no reason for the internet community to re-design every protocol to allow and try to function in a NAT environment, for the benefit of a small number of edge networks, who want a private castle with hosts on their network not connected to the internet, for no reason that has been adequately justified.
In IPv4, this had to be accepted, because with limited IP address space, it was not an option to have no NAT. Now with IPv6 it is not an option to have NAT.
No one has ever provided me with a serviceable explanation of why a stateful firewall is an insufficient method for implementing any desired network policy, with regards to limiting accepted traffic to outbound connections for nodes on an edge network.
> -- jra
-- -JH
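The stateful policy the reply refers to (hosts keep routable IPv6 addresses, but only connections opened from inside are accepted) can be written as a forwarding ruleset. This is an added example, not part of the original message; it uses nftables, and the interface names `lan0` (inside) and `wan0` (upstream) are assumptions.

```nft
# Constructed example: "lan0" and "wan0" are assumed interface names.
# Loaded on the edge router; filters forwarded IPv6 traffic only, no NAT.
table ip6 edge_filter {
    chain forward {
        # Default-deny: anything not matched below is dropped.
        type filter hook forward priority 0; policy drop;

        # Packets that conntrack cannot associate with a valid flow.
        ct state invalid drop

        # Return traffic for flows that inside hosts opened, plus
        # ICMPv6 errors tied to those flows (tracked as "related"),
        # which keeps path MTU discovery working.
        ct state established,related accept

        # Inside hosts may open new connections toward the internet.
        iifname "lan0" oifname "wan0" ct state new accept

        # Unsolicited inbound from wan0 matches none of the rules
        # above and falls through to the drop policy.
    }
}
```

The inbound behaviour is the same as what a NAT box gives as a side effect, but the decision is made by the connection-tracking state alone, so addresses are never rewritten.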