nanog mailing list archives
Re: the alleged evils of NAT, was Rate of growth on IPv6 not fast enough?
From: Owen DeLong <owen () delong com>
Date: Tue, 27 Apr 2010 15:24:47 -0700
On Apr 27, 2010, at 2:25 PM, Jon Lewis wrote:
On Tue, 27 Apr 2010 Valdis.Kletnieks () vt edu wrote:That site will manage to chucklehead their config whether or not it's NAT'ed.True...but when they do it and all their important stuff is in 192.168.0/24, you still can't reach it...and if they break NAT, at least their internet breaks. i.e. they'll know its broken. When they change the default policy on the firewall to Accept/Allow all, everything will still work...until all their machines are infected with enough stuff to break them.
Nah... They'll chucklehead forward something to 135-139/TCP on the box with all the important stuff just fine. NAT won't save them from this.
Hmm... Linux has a firewall. MacOS has a firewall. Windows XP SP2 or later has a perfectly functional firewall out of the box, and earlier Windows had a firewall but it didn't do 'default deny inbound' out of the box.Linux can have a firewall. Not all distros default to having any rules. XP can (if you want to call it that). I don't have any experience with MacOS. Both my kids run Win2k (to support old software that doesn't run well/at all post-2k). I doubt that's all that unusual.
And the rest of the world should pay for your kid's legacy requirements why?
Are you *really* trying to suggest that a PC is not fit-for-purpose for that usage, and *requires* a NAT and other hand-holding?Here's an exercise. Wipe a PC. Put it on that cable modem with no firewall. Install XP on it. See if you can get any service packs installed before the box is infected.
1. Yes, I can. I simply didn't put an IPv4 address on it. ;-) 2. I wouldn't hold XP up as the gold standard of hosts here. Owen
Current thread:
- Re: the alleged evils of NAT,, (continued)
- Re: the alleged evils of NAT, Joe Greco (Apr 21)
- Re: the alleged evils of NAT, was Rate of growth on IPv6 not fast enough? Andy Davidson (Apr 27)
- Re: the alleged evils of NAT, was Rate of growth on IPv6 not fast enough? Matthew Kaufman (Apr 27)
- Re: the alleged evils of NAT, was Rate of growth on IPv6 not fast enough? Nick Hilliard (Apr 27)
- Re: the alleged evils of NAT, was Rate of growth on IPv6 not fast enough? Valdis . Kletnieks (Apr 27)
- Re: the alleged evils of NAT, was Rate of growth on IPv6 not fast enough? Jon Lewis (Apr 27)
- Re: the alleged evils of NAT, was Rate of growth on IPv6 not fast enough? Valdis . Kletnieks (Apr 27)
- Re: the alleged evils of NAT, was Rate of growth on IPv6 not fast enough? Jon Lewis (Apr 27)
- Re: the alleged evils of NAT, was Rate of growth on IPv6 not fast enough? Valdis . Kletnieks (Apr 27)
- Re: the alleged evils of NAT, was Rate of growth on IPv6 not fast enough? Jon Lewis (Apr 27)
- Re: the alleged evils of NAT, was Rate of growth on IPv6 not fast enough? Owen DeLong (Apr 27)
- Re: the alleged evils of NAT, was Rate of growth on IPv6 not fast enough? Bill Stewart (Apr 29)
- Re: the alleged evils of NAT, was Rate of growth on IPv6 not fast enough? Mark Smith (Apr 30)
- Re: the alleged evils of NAT, was Rate of growth on IPv6 not fast enough? James Hess (Apr 27)
- Re: the alleged evils of NAT, was Rate of growth on IPv6 not fast enough? Matthew Kaufman (Apr 27)
- Re: the alleged evils of NAT, was Rate of growth on IPv6 not fast enough? Adrian Chadd (Apr 27)
- Re: the alleged evils of NAT, was Rate of growth on IPv6 not fast enough? Mark Andrews (Apr 27)
- Re: the alleged evils of NAT, was Rate of growth on IPv6 not fast enough? Owen DeLong (Apr 27)
- Re: the alleged evils of NAT, was Rate of growth on IPv6 not fast enough? Matthew Kaufman (Apr 27)
- Re: the alleged evils of NAT, was Rate of growth on IPv6 not fast enough? Owen DeLong (Apr 27)
- Re: the alleged evils of NAT, was Rate of growth on IPv6 not fast enough? Matthew Kaufman (Apr 27)