[128188] in North American Network Operators' Group
Re: Addressing plan exercise for our IPv6 course
daemon@ATHENA.MIT.EDU (Matthew Palmer)
Mon Jul 26 01:10:56 2010
Date: Mon, 26 Jul 2010 15:07:02 +1000
From: Matthew Palmer <mpalmer@hezmatt.org>
To: nanog@nanog.org
Mail-Followup-To: nanog@nanog.org
In-Reply-To: <87mxtej2fv.fsf@oban.berlin.quux.de>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On Mon, Jul 26, 2010 at 06:24:04AM +0200, Jens Link wrote:
> Owen DeLong <owen@delong.com> writes:
> > The correct answer is "No, you don't have to configure rules, you just need
> > one rule supplied by default which denies anything that doesn't have a
> > corresponding outbound entry in the state table and it works just like NAT
> > without the address mangling".
>
> They used NAT as an excuse not to let some applications to the
> outside.
That's OK, if it's NAT unfriendly, chances are it requires deep packet
inspection to make the state tables do the right thing anyway.
- Matt
--
Skippy was a wallaby. ... Wallabies are dumb and not very trainable... The
*good* thing...is that one Skippy looks very much like all the rest,
hence..."one-shot Skippy" and "plug-compatible Skippy". I don't think they
ever had to go as far as "belt-fed Skippy" -- Robert Sneddon, ASR
