In article <cistron.Pine.LNX.4.44.0310291228200.29539-100000@login1.fas.harvard.edu>, Scott McGrath <mcgrath@fas.harvard.edu> wrote:
> And sometimes you use NAT because you really do not want the NAT'ed device to be globally addressable but it needs to have a link to the outside to download updates. Instrument controllers et al.
I don't understand. What is the difference between a /24 internal NATted network, and a /64 internal IPv6 network that is firewalled off: only packets to the outside allowed, and packets destined for the inside need to have a traffic flow associated with them.

As I see it, NAT is just a stateful firewall of sorts. A broken one, so why not use a non-broken solution?

We can only hope that IPv6 capable CPE devices have that sort of stateful firewalling turned on by default. Or start educating the vendors of these el-cheapo CPE devices so that they will all have that kind of firewalling enabled before IPv6 becomes mainstream.

Mike.
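The policy described in the reply above (outbound always allowed, inbound only when it matches a flow opened from the inside), as an added example that is not part of the original post. It is a toy flow-table model, not any vendor's firewall; the class name, the 120-second idle timeout and all addresses (documentation prefixes) are constructed assumptions.

```python
import ipaddress

class StatefulFilter:
    """Toy model: inside hosts may open flows; outside packets pass only
    if they are the reverse direction of a flow opened from inside."""

    def __init__(self, inside_prefix, idle_timeout=120):
        self.inside = ipaddress.ip_network(inside_prefix)
        self.idle_timeout = idle_timeout   # seconds; constructed value
        self.flows = {}                    # flow 5-tuple -> last-seen time

    def check(self, proto, src, sport, dst, dport, now):
        """Return 'accept' or 'drop' for one packet seen at time `now`."""
        src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        # Forget flows that have been idle longer than the timeout.
        self.flows = {k: t for k, t in self.flows.items()
                      if now - t <= self.idle_timeout}
        src_in, dst_in = src in self.inside, dst in self.inside
        if src_in and not dst_in:
            # Outbound: always allowed, and it creates or refreshes state.
            self.flows[(proto, src, sport, dst, dport)] = now
            return "accept"
        if dst_in and not src_in:
            # Inbound: allowed only as the reply half of a known flow.
            key = (proto, dst, dport, src, sport)
            if key in self.flows:
                self.flows[key] = now
                return "accept"
        return "drop"


def demo(prefix, host, server, stranger):
    """Run the same five packets through a filter guarding `prefix`."""
    fw = StatefulFilter(prefix)
    return [
        fw.check("tcp", stranger, 40000, host, 22, now=0),   # unsolicited inbound
        fw.check("tcp", host, 51000, server, 443, now=1),    # outbound update fetch
        fw.check("tcp", server, 443, host, 51000, now=2),    # reply to that flow
        fw.check("tcp", server, 443, host, 51001, now=3),    # same peer, other port
        fw.check("tcp", server, 443, host, 51000, now=500),  # flow has timed out
    ]


if __name__ == "__main__":
    # Constructed sample addresses from documentation ranges.
    print(demo("2001:db8:0:1::/64", "2001:db8:0:1::10",
               "2001:db8:ffff::80", "2001:db8:beef::1"))
    print(demo("192.0.2.0/24", "192.0.2.10", "198.51.100.80", "203.0.113.1"))
```

The same verdicts come out for the /64 and the /24 because the decision depends only on the flow table, with no address translation involved.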