Keith Moore wrote:
> 
> > NAT can be used for a variety of things. Perhaps we can agree that it's
> > a good hammer when the nail is a home network, and concentrate on what
> > to do about the large corporation issue.
> 
> NAT is a good hammer for a home network if and only if the only
> purpose of a home network is to allow multiple web clients at home
> to talk to servers in the outside world.
> 
> If you want to use a home network to be able to access your devices
> at home *from* the outside world - e.g. IP telephony, IP fax,
> instant messaging to your home, IP printing to your home printer
> from elsewhere, setting your VCR, setting your thermostat so that the
> house will be warm when you get there, checking the house temperature to
> see if the air conditioner has died again, taking a peek at the kid
> you've left home with the babysitter (or by himself) to see that
> he's okay, investigating the alert you got from your intrusion
> detection system, personal web server for home or home office -
> NATs start to look like a pretty poor hammer even for home use.
> (unless, of course, you think the purpose of hammers is to break things)

Sounds to me like at best I'd trade a NAT box with firewalling for a
serious firewall. I have ZERO interest in allowing the kinds of things
you describe to occur from outside. While you may not mind someone
hacking into the microphone on your PC and using it as a bug I am a
little less trusting.

> 
> OTOH, if you combine NAT with 6to4 for home networks, the
> picture starts to look a bit better.  Think of 6to4 as the
> generic ALG that rids you of the need to have separate ALGs
> for most of the applications that NAT happens to break.

So, will any of our ISP readers go on the record as saying they'll
provide users of dialup and DSL/Cable lines with a large block of
addresses each, instead of just a single host address? The way I read
the ARIN IPv6 allocation policy, they're going to manage the new space
about the same as IPv4 space. Which is to say I don't expect space to be
readily available.

-- 
-----------------------------------------------------------------
Daniel Senie                                        [EMAIL PROTECTED]
Amaranth Networks Inc.            http://www.amaranthnetworks.com
