I really think you're missing my point, which is that this is nothing to do
with NAT; people were hiding internal-only hosts for years before NAT came along,
and they always will. This is nothing to do with address space. Your border
router doesn't route unsolicited packets to the hidden host and your external
DNS doesn't propagate its RRs. Hiding site-local addresses is no different.
Brian
[EMAIL PROTECTED] wrote:
>
> no he is not. I know three large corporations using the fact that they got
> nice large ipv4 address space and do this in totally secure manner. the
> evil here is nat your concerned about and site local addresses can cause
> that evil again. also many of the ietf mantras are getting trashed in the
> real world. we need to update our mantras.
>
> /jim
>
> > -----Original Message-----
> > From: ext Brian E Carpenter [mailto:[EMAIL PROTECTED]]
> > Sent: Thursday,February 08,2001 11:28 AM
> > To: Robert Elz
> > Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED]; [EMAIL PROTECTED]
> > Subject: Re: another renumbering question
> >
> >
> > Robert Elz wrote:
> >
> > > | Why would any enterprise publish the A record of
> > internalserver.example.com
> > > | outside the firewall?
> > >
> > > Why wouldn't they?
> >
> > Truly, you are out of touch with the way large corporate
> > intranets are run.
> >
> > Brian
> >
--------------------------------------------------------------------
IETF IPng Working Group Mailing List
IPng Home Page: http://playground.sun.com/ipng
FTP archive: ftp://playground.sun.com/pub/ipng
Direct all administrative requests to [EMAIL PROTECTED]
--------------------------------------------------------------------
