nanog mailing list archives

RE: Is NAT can provide some kind of protection?


From: "George Bonser" <gbonser () seven com>
Date: Wed, 12 Jan 2011 09:01:27 -0800



-----Original Message-----
From: Fernando Gont [mailto:fernando.gont.netbook.win () gmail com] On
Behalf Of Fernando Gont
Sent: Wednesday, January 12, 2011 8:54 AM
To: George Bonser
Cc: Tarig Ahmed; nanog () nanog org
Subject: Re: Is NAT can provide some kind of protection?

On 12/01/2011 01:17 p.m., George Bonser wrote:

But your security person needs to shift their thinking because the
purpose of NAT and private addressing is to conserve IP addresses, not
to provide security.  With IPv6, the concept of NAT goes away.

You have heard about NAT66, right?

Thanks,
--
Fernando Gont
e-mail: fernando () gont com ar || fgont () acm org
PGP Fingerprint: 7809 84F5 322E 45C7 F1C9 3945 96EE A9EF D076 FFF1

Oh, yeah.  But NAT66 does not provide the "security" aspect of PAT with
V4.  It is just a straight static NAT.  So each of your machines is
still directly addressable from the Internet.  With v4 PAT, you can not
be sure which address/port on the external IP maps to which address/port
on the inside IP at any given moment and PAT is stateful in that an
outbound packet is required to start the mapping.  NAT66 is just
straight static NAT that maps one prefix to a different prefix.
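
Added example (not part of the original message or thread): a toy Python model of the contrast drawn in the reply above, where stateful v4 PAT only translates inbound traffic after an outbound packet has created a mapping, while prefix-to-prefix NAT66 translates any inbound address statelessly. The class names and the addresses (documentation and ULA ranges) are assumptions made for illustration, and the NAT66 side is simplified to a plain prefix swap.

```python
import ipaddress
import random

class Pat44:
    """Toy stateful v4 PAT: a mapping exists only after an outbound packet."""
    def __init__(self, external_ip):
        self.external_ip = external_ip
        self.by_ext_port = {}  # external port -> (inside ip, inside port)
        self.by_inside = {}    # (inside ip, inside port) -> external port

    def outbound(self, inside_ip, inside_port):
        key = (inside_ip, inside_port)
        if key not in self.by_inside:
            port = random.randrange(1024, 65536)  # external port picked at random
            while port in self.by_ext_port:
                port = random.randrange(1024, 65536)
            self.by_inside[key] = port
            self.by_ext_port[port] = key
        return self.external_ip, self.by_inside[key]

    def inbound(self, ext_port):
        # No state for this port means no translation: dropped (None).
        return self.by_ext_port.get(ext_port)

class PrefixNat66:
    """Toy stateless prefix-to-prefix translation (plain prefix swap)."""
    def __init__(self, inside_prefix, outside_prefix):
        self.inside = ipaddress.IPv6Network(inside_prefix)
        self.outside = ipaddress.IPv6Network(outside_prefix)
        assert self.inside.prefixlen == self.outside.prefixlen

    def _swap(self, addr, src, dst):
        addr = ipaddress.IPv6Address(addr)
        if addr not in src:
            return None
        host_bits = int(addr) & int(src.hostmask)
        return str(ipaddress.IPv6Address(int(dst.network_address) | host_bits))

    def outbound(self, inside_addr):
        return self._swap(inside_addr, self.inside, self.outside)

    def inbound(self, outside_addr):
        # Works for any address in the outside prefix, with no prior outbound packet.
        return self._swap(outside_addr, self.outside, self.inside)

if __name__ == "__main__":
    pat = Pat44("192.0.2.1")
    print(pat.inbound(40000), pat.outbound("10.0.0.5", 51000))
    nat66 = PrefixNat66("fd00:1::/48", "2001:db8:1::/48")
    print(nat66.inbound("2001:db8:1::10"))
```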


