[arin-ppml] inevitability of NAT?

Mark Andrews marka at isc.org
Tue Feb 8 20:31:06 EST 2011

In message <014d01cbc7cc$226f81e0$674e85a0$@iname.com>, "Frank Bulk" writes:
> Due to device (storage) limitations D-Link wasn't able to put a firewall in
> many of its IPv-6 capable releases for its different hardware models, but
> DIR-655 is supposed to support SPI.
> Frank

Also IPv6 equipment should be capable of being put on the net without
a seperate firewall.  If it isn't then the product really isn't fit
for the purpose it was designed for.  Its been a hostile net for
the entire time IPv6 has existed and that should have been factored
into the design.  A seperate firewall provides additional isolation
but shouldn't be needed.

Giving a device a ULA and not a public address if it doesn't need to
talk to the world will give you as much protection as a NAT gives.

Feature parity should also be there.  I've got a Brother network
printer that has accept/deny filters for IPv4 but not for IPv6.  I
don't know what they were thinking.  IPv6 doesn't need accept/deny
filters but IPv6 does?  It would have been less than a days work
to add them as they already have them working for IPv4.  A bit more
for testing and documentation.  At least I can set the IPv6 address
statically to a ULA.

Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka at isc.org

More information about the ARIN-PPML mailing list