Let's talk about yum and p2p in Fedora

Genes MailLists lists at sapience.com
Mon Dec 27 16:30:10 UTC 2010


On 12/27/2010 06:58 AM, Marko Vojinovic wrote:
> There was a quite large thread on the CentOS list recently about this.
>
> In a nutshell, the conclusion is that (1) is an urban legend --- NAT *does*
> *not* (and moreover, *should* *not*) shield your inside machines from outside
> attacks. You still need to use the proper firewall for shielding.
>


  Thank you for your thoughts ... it really is time for me to learn more!

  Anyone having NAT has some kind of firewall - they go together
- even if it's a Linksys box. In my case my border firewall is quite
extensive ... with plenty of netblocks that are disallowed access to any
service whatsoever ...

  I need to learn more about ip6 - but I assume nf_conntrack works the
same way in ip6tables, I suppose routing through (when allowed) versus
nat'ing through when allowed are not all that different but they are
different... are the security implications obvious ?

  The firewall is still controlling what is allowed or not ... tho I am
sure my understanding of a DMZ needs updating for ip6 .. so much to
learn :-)

 Any suggestions for good guides on ip6 - firewalling - DMZ's - and
transition management including setting up ip6-ip4 and ip4-ip6 gateways
as may be needed ?


> > at the price of breaking functionality.
 Not sure what 'things' are really broken today in practice by NAT -
certainly ftp is typically no longer used with a separate incoming port,
tho we do have ftp_conntrack just in case ...

  Thanks again .. sharing knowledge is very helpful ... ip6 is coming
soon'ish and I def. need to prepare ...

 gene

