[TriLUG] Want to Participate in World IPv6 Day?
Steven Pinkham
steve.pinkham at gmail.com
Thu Mar 31 09:47:28 EDT 2011
matt at noway2.thruhere.net wrote:
> I am also not certain how I feel about eliminating NAT. I don't want
> every device on my network to be directly available and I like having non
> routing address spaces to use. I like having that extra security barrier
> of a public gateway to my network and it seems like part of what IPv6
> wants to do is do away with this.
>
> In the mean time, I have some studying to do.
We replace your NAT router with a stateful firewall with a default deny
policy for the WAN side, and everything works just about the same.
NAT is not really a security technology, it just happens to be colocated
with security policy in consumer firewalls.
If you really still want to do NAT on IPv6 you can, but it doesn't buy
you much over a stateful firewall.
--
| Steven Pinkham, Security Consultant |
| http://www.mavensecurity.com |
| GPG public key ID CD31CAFB |
More information about the TriLUG
mailing list