| To: | Denis Vlasenko <vda@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx> |
|---|---|
| Subject: | Re: Kernel 2.6 IPV6 Busted |
| From: | Jeff Garzik <jgarzik@xxxxxxxxx> |
| Date: | Tue, 01 Mar 2005 11:26:34 -0500 |
| Cc: | "David S. Miller" <davem@xxxxxxxxxxxxx>, Quantum Scientific <Info@xxxxxxxxxxxxxxx>, netdev@xxxxxxxxxxx |
| In-reply-to: | <200503011207.34029.vda@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx> |
| References: | <200502270928.44402.Info@xxxxxxxxxxxxxxx> <200502271410.39611.Info@xxxxxxxxxxxxxxx> <20050227133517.578884df.davem@xxxxxxxxxxxxx> <200503011207.34029.vda@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx> |
| Sender: | netdev-bounce@xxxxxxxxxxx |
| User-agent: | Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.3) Gecko/20040922 |
Denis Vlasenko wrote:
> On Sunday 27 February 2005 23:35, David S. Miller wrote:
>> On Sun, 27 Feb 2005 14:10:39 -0600 Quantum Scientific <Info@xxxxxxxxxxxxxxx> wrote:
>>> I am skeptical about this assertion that the whole internet needs to be hashed if connection tracking.
>>
>> Connection tracking and NAT broke entirely the end-to-end host assumption that used to be valid on the internet. There are many very important optimizations we've had to disable by default just in TCP alone because of NAT.
>
> I don't think future Internet will be safe enough to open corporate networks. I definitely won't do it. NAT firewall in front of my net is an absolute requirement for me. However, IPv6 in Internet won't happen tomorrow, no rush...

You don't need NAT to secure a corporate network.
Just write sane firewall rules that don't allow incoming.
Jeff
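
The point made in this reply, shown as an added example that is not part of the original message or thread: a stateful perimeter ruleset that forwards globally routable IPv4/IPv6 traffic with no address translation and still refuses unsolicited inbound connections. It is written for nftables, which postdates this thread; the table name `perimeter` and the interface names `wan0` (upstream) and `lan0` (internal) are assumptions.

```nft
#!/usr/sbin/nft -f
# Added example, not from the thread. "perimeter", "wan0" and "lan0" are assumed names.

# Make the file safe to reload: create the table if missing, then replace it.
table inet perimeter
delete table inet perimeter

table inet perimeter {
    chain forward {
        # Default deny: anything not matched below is dropped.
        type filter hook forward priority 0; policy drop;

        # Return traffic for connections that inside hosts opened.
        ct state established,related accept
        ct state invalid drop

        # Inside hosts may open new connections outward.
        iifname "lan0" oifname "wan0" accept

        # ICMPv6 errors that IPv6 needs end to end (path MTU discovery etc.).
        icmpv6 type { destination-unreachable, packet-too-big,
                      time-exceeded, parameter-problem } accept

        # New connections arriving on wan0 match nothing above and are dropped.
        # No nat table is defined: addresses pass through untranslated.
    }

    chain input {
        # Traffic addressed to the firewall itself.
        type filter hook input priority 0; policy drop;

        iifname "lo" accept
        ct state established,related accept
        ct state invalid drop

        # Neighbor discovery and router messages; without these IPv6 links stop working.
        icmpv6 type { nd-neighbor-solicit, nd-neighbor-advert,
                      nd-router-solicit, nd-router-advert,
                      packet-too-big, destination-unreachable } accept
    }
}
```

The inbound protection comes from the `policy drop` plus the `ct state` rule, which is the same connection tracking a NAT gateway relies on; only the address rewriting is absent.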