Re: Kernel 2.6 IPV6 Busted

To: Denis Vlasenko <vda@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
Subject: Re: Kernel 2.6 IPV6 Busted
From: Jeff Garzik <jgarzik@xxxxxxxxx>
Date: Tue, 01 Mar 2005 11:26:34 -0500
Cc: "David S. Miller" <davem@xxxxxxxxxxxxx>, Quantum Scientific <Info@xxxxxxxxxxxxxxx>, netdev@xxxxxxxxxxx
In-reply-to: <200503011207.34029.vda@port.imtp.ilyichevsk.odessa.ua>
References: <200502270928.44402.Info@Quantum-Sci.com> <200502271410.39611.Info@quantum-sci.com> <20050227133517.578884df.davem@davemloft.net> <200503011207.34029.vda@port.imtp.ilyichevsk.odessa.ua>
Sender: netdev-bounce@xxxxxxxxxxx
User-agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.3) Gecko/20040922

Denis Vlasenko wrote:
> On Sunday 27 February 2005 23:35, David S. Miller wrote:
>> On Sun, 27 Feb 2005 14:10:39 -0600
>> Quantum Scientific <Info@xxxxxxxxxxxxxxx> wrote:
>>
>>> I am skeptical about this assertion that the whole internet needs to be hashed if connection tracking.
>>
>> Connection tracking and NAT broke entirely the end-to-end host assumption that used to be valid on the internet.
>>
>> There are many very important optimizations we've had to disable
>> by default just in TCP alone because of NAT.
>
> I don't think future Internet will be safe enough to open
> corporate networks. I definitely won't do it.
> NAT firewall in front of my net is an absolute requirement
> for me.
>
> However, IPv6 in Internet won't happen tomorrow,
> no rush...

You don't need NAT to secure a corporate network.

Just write sane firewall rules that don't allow incoming.

        Jeff
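
The kind of rule set the reply above refers to, as an added example that is not part of the original thread: a default-deny forwarding policy on the border router that lets inside hosts open connections and drops new connections arriving from outside, with no address translation. It assumes a kernel with IPv6 connection tracking and nftables; the interface name `wan0` is a placeholder for the upstream link.

```nft
# Constructed example, not from the thread.
# "wan0" is a placeholder for the Internet-facing interface.
table ip6 border {
    chain forward {
        # Anything not explicitly accepted below is dropped.
        type filter hook forward priority 0; policy drop;

        # Return traffic for connections that inside hosts opened,
        # plus related packets (e.g. ICMPv6 errors for those flows).
        ct state established,related accept

        # Packets that match no known connection and are not a valid
        # start of a new one.
        ct state invalid drop

        # ICMPv6 errors that IPv6 relies on (path MTU discovery needs
        # packet-too-big; routers do not fragment in IPv6).
        icmpv6 type { destination-unreachable, packet-too-big,
                      time-exceeded, parameter-problem } accept

        # New connections are allowed only when they originate inside.
        iifname != "wan0" ct state new accept

        # New connections arriving on wan0 match nothing above and
        # fall through to the drop policy.
    }
}
```

Inside hosts keep their global addresses end to end; the inbound protection comes from the `policy drop` plus the connection-state match, which is the same state table a NAT box relies on, minus the address rewriting.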
