[120157] in North American Network Operators' Group
Re: Consumer Grade - IPV6 Enabled Router Firewalls.
daemon@ATHENA.MIT.EDU (Chris Adams)
Thu Dec 10 23:09:37 2009
Date: Thu, 10 Dec 2009 22:08:49 -0600
From: Chris Adams <cmadams@hiwaay.net>
To: nanog@nanog.org
Mail-Followup-To: Chris Adams <cmadams@hiwaay.net>, nanog@nanog.org
In-Reply-To: <9F752F9C-8A43-4467-95A7-A1907E3BFF91@delong.com>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
Once upon a time, Owen DeLong <owen@delong.com> said:
> UPnP is a bad idea that (fortunately) doesn't apply to IPv6 anyway.
>
> You don't need UPnP if you'r not doing NAT.
You need UPnP for a stateful firewall, whether it is mangling packets
with NAT or not. I have an Xbox 360 behind an SSG-5 with no NAT, and I
can't play some on-line games unless I open up the Xbox IP in the SSG.
You can debate whether UPnP is the correct solution, but some solution
is needed (even with IPv6) as long as stateful firewalls exist.
--
Chris Adams <cmadams@hiwaay.net>
Systems and Network Administrator - HiWAAY Internet Services
I don't speak for anybody but myself - that's enough trouble.
