[Cialug] Slightly OT - IPv6 sillyness

Zachary Kotlarek zach at kotlarek.com
Wed Jul 9 14:53:33 CDT 2014


On Jul 9, 2014, at 12:44 PM, L. V. Lammert <lvl at omnitec.net> wrote:

> using an offset address is the best way to do that.

What’s the benefit of a stateful firewall + NAT as opposed to just a stateful firewall, with respect to restricting outside access to a network? Isn’t the firewall doing all the security work in both cases? Aren’t most NAT implementations built around a firewall in the first place — the linux DNAT/SNAT/MASQ targets in iptables certainly are.


> Well, would not a private subnet mean *no* inbound exposure?

If you’re not connected to other networks you can use whatever addresses you like. The point of ARIN management is only to coordinate among networks that wish to interconnect.

	Zach

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 2749 bytes
Desc: not available
URL: <http://cialug.org/pipermail/cialug/attachments/20140709/f1d9a381/attachment.bin>


More information about the Cialug mailing list