[GTALUG] NAT [was Re: Linux hardening question]

Russell rreiter91 at gmail.com
Sun Jul 2 09:08:14 EDT 2017


On July 1, 2017 5:38:14 PM EDT, "D. Hugh Redelmeier via talk" <talk at gtalug.org> wrote:
>| From: James Knott via talk <talk at gtalug.org>
>
>| I have no use for those who insist IPv4 is good enough, when it
>| hasn't been since the day it became necessary to use NAT.
>
>Actually NAT was not introduced to deal with a global shortage of IP
>addresses.  It was introduced to get rid of a local shortage.
>
>For example, Rogers at home (the first broadband service for consumers in
>my area) was marketed as meant for hooking one device (not a server!) to
>the internet.  The theory was that you'd pay extra for each other device
>and they would get their own IP.  This wasn't 100% crazy since most homes
>that had a computer that could connect to the internet had only one.
>
>I ran NAT (and servers) at home with a Linux gateway because I did
>already have a LAN.  (Unlike most folks, I had globally routable addresses
>in my LAN but of course Rogers could not route that traffic to me.)
>
>Pretty soon people wanted to run LANs at home BUT they were Microsoft
>LANs -- not safe in public.  So naturally a broadband router-with-NAT made
>a lot of sense.
>
>Now many folks think NATing is the normal and most reasonable form of
>firewall!
>
>NAT actually damages the internet's original design.  Nodes are peers,
>not clients or servers.  But only initiators (clients, roughly speaking)
>can be behind NAT.  So many protocols have had to be butchered to survive
>NAT.

I came across this memo of general interest to this topic. Section 4 in particular.

https://tools.ietf.org/rfc/rfc4864.txt

4. Using IPv6 Technology to Provide the Market Perceived Benefits of NAT

The facilities in IPv6 described in Section 3 can be used to provide the protection perceived to be associated with IPv4 NAT. This section gives some examples of how IPv6 can be used securely.




-- 
Russell
Sent by K-9 Mail

