[64638] in North American Network Operators' Group


Re: [arin-announce] IPv4 Address Space (fwd)

daemon@ATHENA.MIT.EDU (Jack Bates)
Wed Oct 29 16:30:50 2003

Date: Wed, 29 Oct 2003 15:27:27 -0600
From: Jack Bates <jbates@brightok.net>
To: nanog@merit.edu
In-Reply-To: <Pine.BSF.4.50L0.0310291307360.60884-100000@wow.atlasta.net>
Errors-To: owner-nanog-outgoing@merit.edu


David Raistrick wrote:

> 
> You seem to be arguing that NAT is the only way to prevent inbound access.
> While it's true that most commercial IPv4 firewalls bundle NAT with packet
> filtering, the NAT is not required..and less-so with IPv6.
> 

I think the point that was being made was that NAT allows the filtering 
of the box to be more idiot proof. Firewall rules tend to be complex, 
which is why mistakes *do* get made and systems still get compromised. 
NAT interfaces and setups tend to be more simplistic, and the IP 
addresses of the device won't route publicly through the firewall or any 
unknown alternate routes.

-Jack

