[arin-ppml] inevitability of NAT?
marka at isc.org
Tue Feb 8 20:31:06 EST 2011
In message <firstname.lastname@example.org>, "Frank Bulk" writes:
> Due to device (storage) limitations D-Link wasn't able to put a firewall in
> many of its IPv-6 capable releases for its different hardware models, but
> DIR-655 is supposed to support SPI.
Also IPv6 equipment should be capable of being put on the net without
a seperate firewall. If it isn't then the product really isn't fit
for the purpose it was designed for. Its been a hostile net for
the entire time IPv6 has existed and that should have been factored
into the design. A seperate firewall provides additional isolation
but shouldn't be needed.
Giving a device a ULA and not a public address if it doesn't need to
talk to the world will give you as much protection as a NAT gives.
Feature parity should also be there. I've got a Brother network
printer that has accept/deny filters for IPv4 but not for IPv6. I
don't know what they were thinking. IPv6 doesn't need accept/deny
filters but IPv6 does? It would have been less than a days work
to add them as they already have them working for IPv4. A bit more
for testing and documentation. At least I can set the IPv6 address
statically to a ULA.
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: marka at isc.org
More information about the ARIN-PPML