Reply to post: To NAT or not to NAT

IPv6 is great, says Facebook. For us. And for you a bit, too

Dazed and Confused Silver badge

To NAT or not to NAT

> However, having a directly addressable IPv6 implementation doesn't mean everyone can access your computer. Firewalls can still block connections that you haven't initiated. It's still better to use IPv6, because the vast address space makes network management much, much easier.

While it is true that you can firewall IPv6 addresses to stop direct access, NAT (OK SNAT) has the feature of being client only by default. In a NAT environment it is difficult to actually make it possible for the BBI (Big Bad Internet) to gain access to your system, whereas in an IPv6 directly routed by screened by a firewall then you're dependent on the correct configuration of the FW, so it tends to be open by default with an option to guard the door.

There are lots of things which will work better by not having to fight with NAT, but security has been a very big unintended benefit to the world using NAT.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019