Re: Is source address selection based on rules (netfilter) possible ?

From: David Schwartz <davids@xxxxxxxxxxxxx>
Date: Sat, 28 Aug 2010 04:28:18 -0700 (PDT)

On Aug 28, 4:20 am, Roger Blake <rogbl...@xxxxxxxxxxxxx> wrote:

On 2010-08-27, Xavier Roche <xro...@xxxxxxxxxxxxxxxxxxxxxx> wrote:

Yes, just tested and NATing is not available at all - probably because
NAT on v6 is really stupid (and nobody wants NAT to live forever)

Why not? Why would anyone not running a public server want their
network interface exposed directly to the internet?

NAT and firewalls have nothing to do with each other. NAT happens to
provide some slight level of security by accident that you can't rely
on.

DS
.

Follow-Ups:
- Re: Is source address selection based on rules (netfilter) possible ?
  - From: David Brown

References:
- Is source address selection based on rules (netfilter) possible ?
  - From: Xavier Roche
- Re: Is source address selection based on rules (netfilter) possible ?
  - From: Pascal Hambourg
- Re: Is source address selection based on rules (netfilter) possible ?
  - From: Xavier Roche
- Re: Is source address selection based on rules (netfilter) possible ?
  - From: Roger Blake

Prev by Date: Re: Is source address selection based on rules (netfilter) possible ?
Next by Date: Re: Is source address selection based on rules (netfilter) possible ?
Previous by thread: Re: Is source address selection based on rules (netfilter) possible ?
Next by thread: Re: Is source address selection based on rules (netfilter) possible ?
Index(es):
- Date
- Thread

Relevant Pages

Re: EBS 2008, TMG and external firewall. Dont want double NAT
... This is done because Exchange is bound to the internal interface and leaves the external interface to be *completely* controlled by TMG...a good security guideline by the way. ... If you are disabling NAT then you'll need to change this from a publishing rule to an access rule, but it should still work fine. ... The first is an access rule allows traffic from the internal IP to the external interface and to the messaging server ... One of the default rules is an "internet access for all users" that allows http and https by default. ...
(microsoft.public.windows.server.sbs)
Re: Routing and Remote Access NAT - I need to modify TTL
... with two interfaces: PUBLIC (internet) and PRIVATE ... use it as a gateway, they can access hosts on the PUBLIC interface, TTL is ... but the replay that comes back to the NAT ... They relay on the fact that client computers accept packets with TTL=0, ...
(microsoft.public.windows.server.networking)
Re: Routing and Remote Access NAT - I need to modify TTL
... with two interfaces: PUBLIC (internet) and PRIVATE ... use it as a gateway, they can access hosts on the PUBLIC interface, TTL is ... but the replay that comes back to the NAT ... They relay on the fact that client computers accept packets with TTL=0, ...
(microsoft.public.windows.server.networking)
Simultaneous NAT overload (internet) and NAT overlapping for IPsec
... There is a pure IPsec tunnel between SITE1 and SITE2. ... SITE1 also has an internet connection via ISP1 which is used to ... the NAT overload from SITE1. ... interface on ISP1) its "also" translating the addresses across to ...
(comp.dcom.sys.cisco)
Re: Routing and Remote Access NAT - I need to modify TTL
... with two interfaces: PUBLIC (internet) and PRIVATE ... Hosts on the LAN successfully acquire IP addresses from the NAT SERVER ... use it as a gateway, they can access hosts on the PUBLIC interface, TTL ... They relay on the fact that client computers accept packets with TTL=0, ...
(microsoft.public.windows.server.networking)