[Info-vax] implementing IPv6 on the internet
Scott Dorsey
kludge at panix.com
Wed Sep 21 10:04:57 EDT 2016
In article <nrtta6$rm4$1 at gioia.aioe.org>, Chris <syseng at gfsys.co.uk> wrote:
>
>Just another opinion and whatever it was originally designed for,
>it's turned out to be quite a sound and cost effective solution
>to the problem.
But, it's really not. It just hides the problem, and it opens up a whole other
set of troubles.
>With IPV6, just what is meant by "firewalling for real" ?...
Your firewall has a list of internal device that can talk to the outside and
a list of internal devices that cannot. It denies traffic from the ones that
cannot. This is what large IPv4 sites have done for decades, and allows ready
reconfiguration. It allows multiple devices inside the firewall to be seen
outside, if that's what you want, which you can't do when you're hiding behind
a single NAT address.
It's all clean and straight and there is a 1:1 mapping between systems, and
everybody is effectively equal in terms of how their system appears to others
(even if not in performance). It's just like the internet used to be, before
it got crowded.
--scott
--
"C'est un Nagra. C'est suisse, et tres, tres precis."
More information about the Info-vax
mailing list