
Re: Does IPv6 preclude use of a NAT gateway?



On 20110710_225108, Erwan David wrote:
> On 10/07/11 20:34, Randy Kramer wrote:
> > 
> >> Also, ipv6 firewalling is very annoying on the gateway (due to the
> >> icmpv6 filtering which must be done right).  When possible, get a
> >> script that does most of it right for you (or check RFC 4890).
> > 
> > Sounds like good advice.
> > 
> > Randy Kramer
> > 
> 
> shorewall6 is quite good at setting the rules for IPv6.

I am puzzled by this discussion. Without going into any features
of IPv6, the reason NAT works for IPv4 that I have been taught
is that the 192.168.xxx.xxx addresses are illegal on the actual internet. No
router is supposed to do anything but drop them. And your NAT
box acts as a proper internet router on the side that is connected
to the internet. So anyone on the outside cannot send messages
to your hosts on the inside because any messages will be dropped
long before they get near a box on the inside. It is not NAT, by
itself, that offers protection, but NAT with the sure knowledge
that packets on the inside are always illegal addresses in the
outside. (Proper internet legal address packets ARE legal on
the inside. That is how packets requesting web pages from
a web site get from your host to your router/NAT.) 

Is there something wrong, or incorrect, about this?



-- 
Paul E Condon           
pecondon@mesanetworks.net
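
An added example, not part of the original thread: the quoted advice says ICMPv6 filtering on the gateway must be done right and points to RFC 4890, so this sketch checks a forwarding allow list against the transit messages that RFC's section 4.3.1 lists as "must not be dropped". The rule format and the sample rule list are assumptions constructed for the example.

```python
# Added example: check a gateway's forwarded-ICMPv6 allow list against the
# transit messages RFC 4890 section 4.3.1 says must not be dropped.
# The rule format, (type, code) with code None meaning "any code", is an
# assumption made for this example, not any firewall's syntax.

MUST_NOT_DROP = [
    ((1, None), "Destination Unreachable, all codes"),
    ((2, None), "Packet Too Big (path MTU discovery depends on it)"),
    ((3, 0), "Time Exceeded, hop limit exceeded in transit"),
    ((4, 1), "Parameter Problem, unrecognized Next Header"),
    ((4, 2), "Parameter Problem, unrecognized IPv6 option"),
    ((128, None), "Echo Request"),
    ((129, None), "Echo Reply"),
]

# Router/Neighbor Discovery and Redirect are link-scoped; a router does not
# forward them, so accepting them in a forwarding rule set achieves nothing.
LINK_SCOPED = {133, 134, 135, 136, 137}


def covered(rules, icmp_type, code):
    """True if the allow list accepts this type/code (None = every code)."""
    for rule_type, rule_code in rules:
        if rule_type != icmp_type:
            continue
        if rule_code is None or rule_code == code:
            return True
    return False


def audit(rules):
    """Return (missing essential messages, needless link-scoped types)."""
    missing = [key for key, _ in MUST_NOT_DROP if not covered(rules, *key)]
    needless = sorted({t for t, _ in rules if t in LINK_SCOPED})
    return missing, needless


# Constructed allow list of the kind a hand-written rule set ends up with.
SAMPLE_RULES = [(1, None), (3, None), (128, None), (129, None), (135, None)]

if __name__ == "__main__":
    missing, needless = audit(SAMPLE_RULES)
    names = dict(MUST_NOT_DROP)
    for key in missing:
        print("blocked but essential:", key, names[key])
    for icmp_type in needless:
        print("link-scoped, never forwarded:", icmp_type)
```

For the sample list the audit reports Packet Too Big and both Parameter Problem codes as blocked; dropping Packet Too Big is the usual cause of connections that stall on large transfers through an IPv6 gateway.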

