Michael Thomas <[email protected]> wrote:
    mt> dissing nat as a security measure is fine by me, but i'm not sure that going on to diss firewalls
    mt> is really appropriate. i haven't heard of any great movement to remove them, even though they
    mt> cause trouble with new fangled protocols.

I've yet to see any home other than mine (and 2 technical FreeS/WAN colleagues...) that
had a firewall that was more complicated than NAT. (Port forwards are a NAT workaround.)

    mt> the one area that i wonder about is carrier ip connectivity on phones: i assume that they are
    mt> behind the carrier's firewall? if they aren't, or that firewall is really permissive maybe there's
    mt> something to this section. if not, do we really have evidence to be so dismissive of firewalls?

Do you mean things like phone service sold by, for instance, incumbent cable operators?
The ATA is generally built into the NAT/modem.  Sometimes the cable operator
provides two modems, one for phone.  I have seen Rogers in Ottawa do both.

The devices are not behind any firewall or on a separate VLAN or anything.

At novavision.ca, the business connectivity that we provide for phones using a
hosted PBX uses a separate VLAN. We provide firewalled IPv6 and non-routed
IPv4 connectivity (i.e. RFC1918, no NAT) to the phones, but so far, no phone
manufacturer we deal with ships a phone with IPv6.

--
Michael Richardson <[email protected]>, Sandelman Software Works



_______________________________________________
homenet mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/homenet
