[111636] in North American Network Operators' Group


Re: v6 & DSL / Cable modems [was: Private use of non-RFC1918 IP space

daemon@ATHENA.MIT.EDU (Owen DeLong)
Mon Feb 9 18:53:53 2009

From: Owen DeLong <owen@delong.com>
To: Mark Newton <newton@internode.com.au>
In-Reply-To: <F12F5916-CCBF-47C4-838C-98D06720054C@internode.com.au>
Date: Mon, 9 Feb 2009 15:47:11 -0800
Cc: north American Noise and Off-topic Gripes <nanog@merit.edu>
Errors-To: nanog-bounces@nanog.org


On Feb 9, 2009, at 3:33 PM, Mark Newton wrote:

>
> On 10/02/2009, at 9:54 AM, Stephen Sprunk wrote:
>>
>> Yes, an ALG needs to understand the packet format to open pinholes  
>> -- but with NAT, it also needs to mangle the packets.  A non-NAT  
>> firewall just examines the packets and then passes them on unmangled.
>
> Sure, but at the end of the day a non-NAT firewall is just a special case
> of NAT firewall where the "inside" and "outside" addresses happen to
> be the same.

Uh, that's a pretty twisted view.  I would say that NAT is a special
additional capability of the firewall which mangles the address(es)
in the packet.  I would not regard passing the address unmangled
as a "special case" of mangling.

In terms of implementing the code, sure, the result is about the same,
but, the key point here is that there really isn't a benefit to having that
packet mangling code in IPv6.

Owen
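Added example (not part of the thread, and not code from any of the posters): a toy connection-tracking firewall with an FTP-style ALG, run once as a plain stateful filter (the IPv6 case) and once with NAT in front of it (the IPv4 case), to show where the "packet mangling" Owen refers to actually lives. The ALG in the no-NAT run only parses the EPRT command to open a pinhole and forwards the packet byte-for-byte; in the NAT run the same ALG must also rewrite the address embedded in the PORT command, which changes the payload length and forces a TCP sequence-number fixup on every later packet of that flow. The `StatefulFirewall` class, the `Packet` type and the `nat_map` parameter are hypothetical names for this illustration, and all addresses are documentation prefixes (RFC 3849 and RFC 5737); nothing here touches a network.

```python
"""Toy stateful firewall + FTP ALG, with and without NAT (constructed example)."""
import re
from dataclasses import dataclass, replace
from typing import Dict, Optional, Set, Tuple


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    sport: int
    dport: int
    seq: int          # TCP sequence number of the first payload byte
    payload: bytes


# FTP active-mode commands that embed the client's own address and port.
PORT_RE = re.compile(rb"PORT (\d+),(\d+),(\d+),(\d+),(\d+),(\d+)")
EPRT_RE = re.compile(rb"EPRT \|2\|([0-9A-Fa-f:]+)\|(\d+)\|")


class StatefulFirewall:
    """Connection-tracking firewall with an FTP ALG (hypothetical class).

    With an empty nat_map it is a plain stateful filter: it inspects and
    forwards packets unchanged.  With a nat_map (inside -> public address)
    it additionally performs NAT and therefore has to rewrite payloads."""

    def __init__(self, nat_map: Optional[Dict[str, str]] = None) -> None:
        self.nat_map = nat_map or {}
        self.reverse = {pub: ins for ins, pub in self.nat_map.items()}
        self.pinholes: Set[Tuple[str, int]] = set()     # (addr, port) as seen from outside
        self.seq_delta: Dict[Tuple[str, int], int] = {}  # per flow: bytes added by rewriting

    def outbound(self, pkt: Packet) -> Packet:
        """Inspect (and, only when translating, rewrite) a packet leaving the inside."""
        public = self.nat_map.get(pkt.src, pkt.src)
        payload = pkt.payload
        if m := EPRT_RE.search(payload):
            # IPv6 style: the embedded address is globally valid, so the ALG
            # just opens the pinhole and leaves the packet alone.
            self.pinholes.add((m.group(1).decode(), int(m.group(2))))
        elif m := PORT_RE.search(payload):
            port = int(m.group(5)) * 256 + int(m.group(6))
            self.pinholes.add((public, port))
            if public != pkt.src:
                # NAT: the embedded address is the private one, so the ALG must
                # rewrite the payload.  The new text can be longer or shorter,
                # which shifts every later TCP sequence number on this flow.
                new_cmd = (b"PORT "
                           + b",".join(str(int(o)).encode() for o in public.split("."))
                           + b",%d,%d" % (port // 256, port % 256))
                payload = payload[:m.start()] + new_cmd + payload[m.end():]
        flow = (pkt.src, pkt.sport)
        delta = self.seq_delta.get(flow, 0)
        out = replace(pkt, src=public, seq=pkt.seq + delta, payload=payload)
        self.seq_delta[flow] = delta + (len(payload) - len(pkt.payload))
        return out

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        """Admit an unsolicited inbound packet only through an ALG pinhole;
        with NAT, also translate the destination back to the inside host."""
        if (pkt.dst, pkt.dport) not in self.pinholes:
            return None
        return replace(pkt, dst=self.reverse.get(pkt.dst, pkt.dst))


def ipv6_demo() -> dict:
    """No NAT: the ALG parses EPRT, opens a pinhole, forwards the packet untouched."""
    fw = StatefulFirewall()
    client, server = "2001:db8:1::10", "2001:db8:2::20"   # RFC 3849 documentation addresses
    cmd = Packet(client, server, 50000, 21, seq=1000,
                 payload=b"EPRT |2|2001:db8:1::10|1025|\r\n")
    forwarded = fw.outbound(cmd)
    data_ok = fw.inbound(Packet(server, client, 20, 1025, seq=1, payload=b""))
    data_bad = fw.inbound(Packet(server, client, 20, 1026, seq=1, payload=b""))
    return {"unmangled": forwarded == cmd,
            "pinhole_hit": data_ok is not None and data_ok.dst == client,
            "other_port_dropped": data_bad is None}


def ipv4_nat_demo() -> dict:
    """With NAT: the same ALG must also rewrite the address inside the payload."""
    inside, public, server = "192.0.2.10", "198.51.100.1", "203.0.113.5"   # RFC 5737
    fw = StatefulFirewall(nat_map={inside: public})
    cmd = Packet(inside, server, 50000, 21, seq=1000,
                 payload=b"PORT 192,0,2,10,4,1\r\n")        # 4*256+1 = data port 1025
    forwarded = fw.outbound(cmd)
    nxt = fw.outbound(replace(cmd, seq=1000 + len(cmd.payload), payload=b"LIST\r\n"))
    data = fw.inbound(Packet(server, public, 20, 1025, seq=1, payload=b""))
    return {"src_rewritten": forwarded.src == public,
            "payload_rewritten": forwarded.payload == b"PORT 198,51,100,1,4,1\r\n",
            "seq_shift": nxt.seq - (1000 + len(cmd.payload)),
            "data_translated_to_inside": data is not None and data.dst == inside}


if __name__ == "__main__":
    print("IPv6, no NAT:", ipv6_demo())
    print("IPv4 with NAT:", ipv4_nat_demo())
```

The two runs share every line of the firewall except the branch guarded by `public != pkt.src`: that branch, plus the `seq_delta` bookkeeping it makes necessary, is the mangling code that a non-NAT IPv6 firewall does not need. Real NAT ALGs also have to recompute TCP/IP checksums and cope with commands split across segments, which this toy omits.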


