On 1/30/2007 at 12:19 AM, <michael.dillon@bt.com> wrote:
IPv6 makes NAT obsolete because IPv6 firewalls can provide all the useful features of IPv4 NAT without any of the downsides.
IPv6 firewalls? Where? Good ones?
Why good ones. NAT is a basic IPv4 firewall. All IPv6 needs to obsolete NAT is a firewall that offers all the features of NAT without requiring the address translation. Then, instead of setting up a port translation for a particular incoming protocol, you simply open up that port without modifying the packets as they flow through. Suddenly, SIP works and incoming VoIP phonecalls work just like on the phone network.
Oh, if it were so easy. Even without NAT our firewalls still need to meddle in the application layer. You'll still need smarts in the firewall to use the bad ol' FTP. And of course although SIP itself usually uses a fixed port, the calls it sets up generally do not. You don't have to modify packets, but you still need to read them, understand the protocol, and add state entries to your firewall. The absence of NAT doesn't really save you much work. -- Crist J. Clark crist.clark@globalstar.com Globalstar Communications (408) 933-4387 BĀ¼information contained in this e-mail message is confidential, intended only for the use of the individual or entity named above. If the reader of this e-mail is not the intended recipient, or the employee or agent responsible to deliver it to the intended recipient, you are hereby notified that any review, dissemination, distribution or copying of this communication is strictly prohibited. If you have received this e-mail in error, please contact postmaster@globalstar.com