begin quoting Tracy R Reed as of Sun, Jan 29, 2006 at 10:32:35AM -0500:
[snip]
> Use passive FTP or install the iptables FTP helper module which will
> rewrite the protocol layer port information to match what the NAT in
> iptables is doing. I am really peeved these days over the destruction of
> the peer-to-peer connectivity aspects of the Internet. NAT must die and
> firewalls must go away in favor of host-based security. We need to come
> up with a killer app for IPv6.

NAT is a godsend and should rule the day; process level IPs should be
implemented as NAT'd 127.x.x.x IPs and mediated by the OS kernel to the
appropriate static IP.  We need to make sure we start implementing NAT
functionality in IPv6-capable firewalls.

-- 
_ |\_
 \|


-- 
[email protected]
http://www.kernel-panic.org/cgi-bin/mailman/listinfo/kplug-list
