Level Up to IPv6 with Ubuntu 10.10 on Comcast (Linux.com) [LWN.net]

Level Up to IPv6 with Ubuntu 10.10 on Comcast (Linux.com)

Posted Oct 21, 2010 3:03 UTC (Thu) by foom (subscriber, #14868)
In reply to: Level Up to IPv6 with Ubuntu 10.10 on Comcast (Linux.com) by neilbrown
Parent article: Level Up to IPv6 with Ubuntu 10.10 on Comcast (Linux.com)

> (I actually *like* the fact that my home network is behind a NAT and can only be reached through my VPN).

I'd bet what you really *like* is that it's behind a central firewall. That your firewall also does NAT is a bit unfortunate, as it just makes it more difficult to poke any desired holes in it. There's no security benefit in NAT.

to post comments

Level Up to IPv6 with Ubuntu 10.10 on Comcast (Linux.com)

Posted Oct 21, 2010 12:34 UTC (Thu) by drag (guest, #31333) [Link]

Yes.

All the security benefits you can get through NAT can just as easily be gotten without NAT. Just put a firewall on your network gateway and that is it. If you want it to behave similar to NAT then just set it up so that the only connections allowed to reach your hosts are ones initiated by your hosts. (of course most NAT firewalls are more complicated then that a bit because of the need to have some higher-then-level-3 awareness to deal with some of the multitude of protocols that don't work well with NAT, but I hope that I got the idea across)

Plus if anybody remotely cares about having a future open internet is going to have to be behind the push for IPv6. The reason is that ISPs are now starting to be forced to use multiple levels of NAT to provide network services for their customers due to the lack of IPv4 address space. This eliminates the ability for people to communicate in a peer to peer fashion, independent of third party centrally hosted services.

Sticking to IPv4 and relying on NAT will really turn the internet into a service-only network similar to television broadcasting or traditional telecommunications networks.

This is something that really cannot be allowed to happen.