nanog mailing list archives

RE: Nat


From: Jon Lewis <jlewis () lewis org>
Date: Mon, 21 Dec 2015 11:51:35 -0500 (EST)

On Sun, 20 Dec 2015, Chuck Church wrote:

> insist on "NAT/PAT != firewall".   Well, a router routing everything it sees
> is even less of a firewall.  I'm really not trying to be argumentative here,
> but I'm just having a hard time believing Joe Sixpack will be applying
> business networking principles such as micro-segmenting to a home network
> with 3 to 7 devices on it.  If anything, these complexities we keep

I'm not disagreeing, but as this came up recently in another forum, I think you'll find that most home networks have a couple times that number of networked devices...once you add up computers, phones, tablets, game consoles, TVs & other media devices, thermostats, cameras, security systems, you'll probably run out of fingers and toes counting them all in a typical home network. The average home user wouldn't know what you were talking about though if you asked them if they wanted to put various device classes in different subnets. They just want it all to work...and keeping it all working means providing at least a default level of security/filtering that prevents all of it from being directly accessed by remote scanners looking to exploit insecure systems.

> adding/debating such as DHCP vs RA, prefix delegation, etc are only slowing
> down the general deployment of IPv6.

From my perspective, ISPs not offering v6 is what's slowing down
deployment.  My home cable provider still does not.

----------------------------------------------------------------------
 Jon Lewis, MCP :)           |  I route
                             |  therefore you are
_________ http://www.lewis.org/~jlewis/pgp for PGP public key_________

