Re: [nznog] Web Servers: Dual-homing or DNAT/Port Forwarding?
On 12/11/2013 9:21 AM, Tim Franklin wrote:
I'm not sure that was an analogy--it was exploring the exact meanings of two words. In any case, I submit that an address behind a gate is not a "public address". But my point is, my address is in fact public, not behind any gates--displayed once on the post that supports the mail box, again inside the mailbox door for the mail person, and on a sign on the house next to the door. Which public display grants to no one any right of access to the interior of my house (indeed to no part of the property save the path from the street to the front door). Similarly, my IP address could be publicly visible but that does not grant any right of access to the equipment it attaches to. (I might leave my front door wide open--that STILL does not grant any RIGHT of access. It does depend on archaic notions of honest and regard for rights to keep people out.) I'm done. -- Requiescas in pace o email Two identifying characteristics of System Administrators: Ex turpi causa non oritur actio Infallibility, and the ability to learn from their mistakes. (Adapted from Stephen Pinker)
On Dec 11, 2013 5:45 PM, "Larry Sheldon" <LarrySheldon@cox.net> wrote:
two words.
In any case, I submit that an address behind a gate is not a "public
address".
But my point is, my address is in fact public, not behind any
gates--displayed once on the post that supports the mail box, again inside the mailbox door for the mail person, and on a sign on the house next to the door.
Which public display grants to no one any right of access to the interior
of my house (indeed to no part of the property save the path from the street to the front door).
Similarly, my IP address could be publicly visible but that does not
grant any right of access to the equipment it attaches to.
(I might leave my front door wide open--that STILL does not grant any
RIGHT of access. It does depend on archaic notions of honest and regard for rights to keep people out.)
I'm done.
It's maybe better to think of an ip address as a phone number. Most people get a better experience if they can make and receive calls. Your line of thinking is that you would only like to make outbound phone calls. That's cool, for you. The rest of us will be playing xbox online, which explicitly recommends unsolicited inbound connections, meaning your result will be better if you do not statefully firewall and allow xbox to form arbitrary meshes of ipsec http://tools.ietf.org/agenda/88/slides/slides-88-v6ops-0.pdf CB
participants (2)
-
cb.list6
-
Larry Sheldon