Disabling ipv6
Chris Adams
linux at cmadams.net
Thu Jul 11 19:12:07 UTC 2013
Once upon a time, Joe Zeff <joe at zeff.us> said:
> On 07/11/2013 11:12 AM, Chris Adams wrote:
> >Use the firewall, ditch the NAT. NAT does not increase security over a
> >firewall. In some cases, NAT prevents a user from accessing the
> >Internet, rather than the other way around.
>
> Can you give a practical example, please. I've no reason to
> disbelieve you, but I've also never run across such a case and would
> like to see one.
I've seen people with double-NAT issues before, where "special"
protocols like FTP or game console can't traverse the double-NAT. Any
newer attempted peer-to-peer protocol through an older NAT
implementation that doesn't have ALGs for the protocol tends to fail
(often in mysterious ways). IPsec through a NAT setup that doesn't have
IPsec pass-through specifically enabled usually fails.
I can't give you personal examples because I don't use NAT for my stuff.
--
Chris Adams <linux at cmadams.net>
More information about the users
mailing list