Hello, Rick Thomas a écrit : > > It eliminates the need for masquerading and port translation, but it > does not eliminate the need for a proper firewall.
Unfortunately the plenty of public IPv6 space does not totally eliminate the need for NAT in some situations. Otherwise there would not be that RFC 5902 about IPv6 NAT... Situations where NAT may help which come to mind are multi-homing with ISP-specific prefixes, prefix renumbering... > An (IPv4) router/NAT-box has the unavoidable side-effect of not > allowing any incoming (Internet -> LAN) connections unless they have > been explicitly programmed by the user. Most people consider this to > be a "good thing". Actually this is primarily a side effect of the use of private addresses which are (supposedly) unreachable from the public internet, not NAT. Some NAT implementations may act as a firewall, but this is implementation-dependent. Remember that the netfilter IPv4 NAT implementation in the Linux kernel does not do any filtering. -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/4eff26ad.8050...@plouf.fr.eu.org
