Reply to post: Re: Never!

Sitting pretty in IPv4 land? Look, you're gonna have to talk to IPv6 at some stage

Chronos Silver badge

Re: Never!

I don't see where HT said you must ditch NAT. What was said was that creating the exact same stateful filtering that NAT serendipitously provides is piss easy if you want to use globals on your internal network.

The real myth here is that NAT is some kind of firewall. If that were true, why do we keep seeing C&C channels tunnelling in and out of RFC1918 nets?

There's also the little "incompatibility" myth, which is shorthand for "oh fuck, we're going to have to do it properly this time" because you don't have the crutch of NAT being required to make your link to the outside world useful, which is what this argument really boils down to: We've all got comfortable with assuming there's a NAT layer there to do all your state tracking for you. Now you're going to have to write the dreadfully complicated few lines of firewall rules yourself. Mercy!

Cue the "I can't remember prefixes with hex words in them" wailing and gnashing of teeth.
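
The "few lines of firewall rules" the comment refers to, as an added example that is not part of the original comment: an nftables forward chain giving globally addressed IPv6 hosts the same "outbound-initiated only" behaviour that NAT's state table provides as a side effect. The interface names and the table name are assumptions, and only forwarded traffic is covered (the router's own input chain is not shown).

```nftables
#!/usr/sbin/nft -f
# Added example. eth0/eth1 and the table name "lan6" are assumptions.

define WAN = "eth0"    # assumed upstream (ISP-facing) interface
define LAN = "eth1"    # assumed internal interface carrying global IPv6 addresses

table ip6 lan6 {
    chain forward {
        # Default-deny for anything routed through this box.
        type filter hook forward priority 0; policy drop;

        # Packets conntrack cannot associate with a valid flow.
        ct state invalid drop

        # Replies to flows an internal host opened, plus related ICMPv6
        # errors (packet-too-big, unreachable, ...). This is the state
        # tracking that NAT performs implicitly.
        ct state established,related accept

        # Internal hosts may open new connections outward.
        iifname $LAN oifname $WAN ct state new accept

        # Optional: let internal hosts be pinged from outside for diagnostics.
        # iifname $WAN oifname $LAN icmpv6 type echo-request accept

        # Unsolicited inbound traffic falls through to the drop policy.
    }
}
```

As with NAT, this only blocks unsolicited inbound connections; anything an internal host initiates, including a C&C channel, matches the outbound rule and its replies are accepted.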

Biting the hand that feeds IT © 1998–2019