Let's talk about yum and p2p in Fedora

Tim ignored_mailbox at yahoo.com.au
Wed Dec 29 11:02:24 UTC 2010


On Tue, 2010-12-28 at 20:11 -0500, Bill Davidsen wrote:
> Clearly you have little understanding of the other uses of NAT, one of
> which is connect redirection. For instance, when I get a connect to an
> IP and port, it allows me send the connection to some machine inside
> the firewall without having to have the rest of the machine ports
> available or the "real" IP visible.

That's just port forwarding, not NAT.  It's a fixed rule.

NAT is the magic genie in the middle that keeps track of connections
from various internal machines going out, and makes sure that the
related returning traffic goes through to the right internal machine.


> I realize that somehow you have convinced yourself that not allowing
> everyone on Earth to bang on every machine somehow is bad or
> unnecessary, and that every machine running every OS can somehow be
> protected by a firewall, but in practice this doesn't work most of the
> time. What is possible in theory with a perfect firewall doesn't
> happen and/or takes a huge investment in effort and auditing to
> approximate.

Piffle!  It's completely easy to firewall a computer in the same way
that NAT pretends to be a firewall:  Ignore all unexpected incoming
connections.  Do nothing (neither block nor otherwise act specially on)
any outgoing connections.  That basic configuration can be preset, so
dumb users can simply "turn on firewall."

NAT is NOT a firewall.  It's not meant to be.  It cannot be relied upon
to act as one, because that is not its purpose nor design.


-- 
[tim at localhost ~]$ uname -r
2.6.27.25-78.2.56.fc9.i686

Don't send private replies to my address, the mailbox is ignored.  I
read messages from the public lists.
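
As an added illustration of the distinction drawn in the message above (this is constructed example code, not code from the thread, from Tim, or from any Fedora project), the following Python simulation of a hypothetical gateway shows the three behaviours side by side: a stateful firewall that records outgoing connections and delivers only the matching replies; masquerading NAT, which drops unsolicited inbound traffic only as a side effect of having no entry for it in its state table; and a port-forward rule, which is a fixed DNAT entry consulted before any state is looked at. The `Gateway` class, the `Packet` layout and all addresses and ports are assumptions made for the example.

```python
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class Packet:
    """One packet reduced to the fields the rules look at (constructed for the example)."""
    src: str
    sport: int
    dst: str
    dport: int
    direction: str  # "out" = leaving the LAN, "in" = arriving from the Internet


class Gateway:
    """Hypothetical gateway: stateful filtering, optional masquerading NAT,
    and a table of fixed port-forward (DNAT) rules."""

    def __init__(self, public_ip, nat=False, forwards=None):
        self.public_ip = public_ip
        self.nat = nat
        # Fixed rules: public port -> (internal ip, internal port). No state involved.
        self.forwards = dict(forwards or {})
        # Connection-tracking table:
        #   (remote ip, remote port, our-side ip, our-side port) -> (internal ip, internal port)
        # i.e. which internal socket should receive the reply traffic.
        self.conntrack = {}
        self._next_port = 40000  # first masqueraded source port handed out

    def handle(self, pkt):
        return self._outbound(pkt) if pkt.direction == "out" else self._inbound(pkt)

    def _outbound(self, pkt):
        # Outgoing connections are never filtered; they are only recorded.
        if self.nat:
            pub_port = self._next_port
            self._next_port += 1
            self.conntrack[(pkt.dst, pkt.dport, self.public_ip, pub_port)] = (pkt.src, pkt.sport)
            # Masquerade: the packet leaves carrying the gateway's own address.
            return ("forward", replace(pkt, src=self.public_ip, sport=pub_port))
        # No NAT: internal hosts are routable, but the state entry is still recorded.
        self.conntrack[(pkt.dst, pkt.dport, pkt.src, pkt.sport)] = (pkt.src, pkt.sport)
        return ("forward", pkt)

    def _inbound(self, pkt):
        # 1. Port forwarding: a fixed rule, honoured whether or not anyone inside asked.
        if pkt.dst == self.public_ip and pkt.dport in self.forwards:
            ip, port = self.forwards[pkt.dport]
            return ("deliver", replace(pkt, dst=ip, dport=port))
        # 2. Related return traffic: only packets matching a recorded outgoing connection.
        key = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        if key in self.conntrack:
            ip, port = self.conntrack[key]
            return ("deliver", replace(pkt, dst=ip, dport=port))
        # 3. Everything else is an unexpected incoming connection: ignore it.
        return ("drop", pkt)


def stateful_firewall_demo():
    """Routable internal host, no NAT: the state table alone gives the protection."""
    gw = Gateway(public_ip="203.0.113.1", nat=False)
    gw.handle(Packet("203.0.113.10", 51000, "198.51.100.5", 80, "out"))
    reply = gw.handle(Packet("198.51.100.5", 80, "203.0.113.10", 51000, "in"))
    probe = gw.handle(Packet("198.51.100.9", 4444, "203.0.113.10", 22, "in"))
    return reply[0], probe[0]  # ("deliver", "drop")


def nat_demo():
    """Masquerading: the reply is mapped back by the state table, the probe has no mapping."""
    gw = Gateway(public_ip="192.0.2.1", nat=True)
    _, translated = gw.handle(Packet("10.0.0.2", 51000, "198.51.100.5", 80, "out"))
    reply = gw.handle(Packet("198.51.100.5", 80, translated.src, translated.sport, "in"))
    probe = gw.handle(Packet("198.51.100.9", 4444, "192.0.2.1", 22, "in"))
    return translated.src, translated.sport, reply[1].dst, reply[1].dport, probe[0]


def port_forward_demo():
    """A fixed DNAT rule: delivered inside with no prior outgoing connection at all."""
    gw = Gateway(public_ip="192.0.2.1", nat=True, forwards={2222: ("10.0.0.3", 22)})
    hit = gw.handle(Packet("198.51.100.9", 4444, "192.0.2.1", 2222, "in"))
    return hit[0], hit[1].dst, hit[1].dport  # ("deliver", "10.0.0.3", 22)


if __name__ == "__main__":
    print("stateful firewall:", stateful_firewall_demo())
    print("masquerading NAT: ", nat_demo())
    print("port forward:     ", port_forward_demo())
```

The point the simulation makes is that the drop in step 3 is the same code path with or without `nat=True`: the protection comes from the connection-tracking table, not from address rewriting, and a port-forward entry bypasses that table entirely because it is a fixed rule rather than tracked state.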
