On 12/27/2010 06:58 AM, Marko Vojinovic wrote: *does* outside Thank you for your thoughts ... it really is time for me to learn more! Anyone having NAT has some kind of firewall - they go together - even if its a linksys box. In my case my border firewall is quite extensive ... with plenty of netblocks that are disallowed access to any service whatsoever ... I need to learn more about ip6 - but I assume nf_conntrack works the same way in ip6tables, I suppose routing through (when allowed) versus nat'ing through when allowed are not all that different but they are different... are the security implications obvious ? The firewall is still controlling what is allowed or not ... tho I am sure my understanding of a DMZ needs updating for ip6 .. so much to learn :-) Any suggestions for good guides on ip6 - firewalling - DMZ's - and transition management including setting up ip6-ip4 and ip4-ip6 gateways as may be needed ? Not sure what 'things' are really broken today in practice by nat - certainly ftp is typically no longer used with separate incoming port tho we do have ftp_conntrack just in case ... Thanks again .. sharing knowledge is very helpful ... ip6 is coming soon'ish and I def. need to prepare ... gene