[arin-discuss] Trying to Understand IPV6
Owen DeLong
owen at delong.com
Mon Sep 13 21:43:36 EDT 2010
On Sep 13, 2010, at 6:00 PM, Leo Bicknell wrote:
> In a message written on Mon, Sep 13, 2010 at 08:48:59PM -0400, Robert E. Seastrom wrote:
>> proper ports in the firewall. Funny how easy that gets when there is
>> no STUN or uPNP in the fray. Might even be something that you click
>
> I don't think (but I'm not sure) that uPnP requires NAT. That is,
> I think a stateful firewall could implement uPnP and use it simply
> to unblock ports on request.
>
Yes, that can be done.
However, Rob's point was the problems caused by uPNP rather than
the features it provides.
> I think for most consumers that's a good model. Your PS3 or other
> appliance like device can request the couple of ports it needs, and
> if you want to know you can log into your gateway and see waht a
> device requests, and/or deny a particular device such access.
>
It really isn't a fantastic model. Better would be to have a way for the
firewall to get a request from the device, get user confirmation through
some other form of challenge-response and make a quasi-permanent
change.
Owen
More information about the ARIN-discuss
mailing list