Chris Palmer <[EMAIL PROTECTED]>: > There's another feature of NAT that is desirable that has not yet been > mentioned, and which at least some customers may be cognizant of: the > fact that NAT is a pretty restrictive firewall. > > I'm as big a fan of the end-to-end principle as anybody, but until the > ends are trustworthy, we can't get there. Whether by IPv6 or IPv4, > less-than-fanatically-administered Windows and Unix systems simply > cannot be directly connected to the Internet.
I wouldn't go that far. I wouldn't describe myself as a fanatical admin;
"lazy" and "barely competent" would be closer to the mark :-). Despite
this, I've never had a breakin in more than a decade. I'm comfortable
connecting a Linux system directly to the Internet, as long as the
internal software firewall is on,
It's nice to have my firewalling done by a box that is too stupid to
be cracked, but what I need from the Linksys is really the address
multiplexing.
--
<a href="http://www.catb.org/~esr/";>Eric S. Raymond</a>
pgpogUUtEY9no.pgp
Description: PGP signature
_______________________________________________ Ietf mailing list [EMAIL PROTECTED] https://www1.ietf.org/mailman/listinfo/ietf
