Let's talk about yum and p2p in Fedora
Genes MailLists
lists at sapience.com
Mon Dec 27 16:30:10 UTC 2010
On 12/27/2010 06:58 AM, Marko Vojinovic wrote:
> There was a quite large thread on the CentOS list recently about this.
>
> In a nutshell, the conclusion is that (1) is an urban legend --- NAT *does*
> *not* (and moreover, *should* *not*) shield your inside machines from outside
> attacks. You still need to use the proper firewall for shielding.
>
Thank you for your thoughts ... it really is time for me to learn more!
Anyone having NAT has some kind of firewall - they go together
- even if it's a Linksys box. In my case my border firewall is quite
extensive ... with plenty of netblocks that are disallowed access to any
service whatsoever ...
I need to learn more about ip6 - but I assume nf_conntrack works the
same way in ip6tables, I suppose routing through (when allowed) versus
nat'ing through when allowed are not all that different but they are
different... are the security implications obvious ?
The firewall is still controlling what is allowed or not ... tho I am
sure my understanding of a DMZ needs updating for ip6 .. so much to
learn :-)
Any suggestions for good guides on ip6 - firewalling - DMZ's - and
transition management including setting up ip6-ip4 and ip4-ip6 gateways
as may be needed ?
> > at the price of breaking functionality.
Not sure what 'things' are really broken today in practice by nat -
certainly ftp is typically no longer used with separate incoming port
tho we do have ftp_conntrack just in case ...
Thanks again .. sharing knowledge is very helpful ... ip6 is coming
soon'ish and I def. need to prepare ...
gene