> From: [email protected] [mailto:[email protected]] On > Behalf Of [email protected] > > NAT is also useful to hide internal details of a network when you don't > want them exposed.
Actually, I agree, this is a very valid use case for NAT with IPv6. By comparison to IPv4: you've only got a few external IP addresses, so you've got to map many internal addresses to a single external. Hence any inbound traffic is destined for an unknown internal machine, and hence p2p is essentially impossible. With IPv6 if you wish, you can NAT every internal IP address to its own unique external address. I understand mathematically speaking that might not be true (you could have 64million internal IP's and only 64thousand external ones) but practically speaking it is true. > the road, so it's already hardened), but when you start to expose your > printer, tv, game console..... do you really trust that all of those > vendors have hardened their machines to be reasonably safe if exposed > directly to the Internet? At present, the printer and toaster are safe from the Internet because they are not reachable from the internet. There's not a lot of reason for the toaster to support IPv6, but even if it does, there's nothing forcing it to take an internet routable IPv6 address. It can function perfectly well using a link-local address only. Which is analogous to the way it presently works, just using more address bits. If it did support IPv6, the use case is pretty ... uncommon ... but still nice to know you could if you want to. If you wanted to, check your ink levels from your mobile device while you're at Staples looking at a good deal on ink. Or whatever. Who am I kidding! There will never be a good deal on ink at Staples! ;-) _______________________________________________ Discuss mailing list [email protected] http://lopsa.org/cgi-bin/mailman/listinfo/discuss This list provided by the League of Professional System Administrators http://lopsa.org/
