Chris Palmer <chris(_at_)eff(_dot_)org>:
There's another feature of NAT that is desirable that has not yet been
mentioned, and which at least some customers may be cognizant of: the
fact that NAT is a pretty restrictive firewall.
I'm as big a fan of the end-to-end principle as anybody, but until the
ends are trustworthy, we can't get there. Whether by IPv6 or IPv4,
less-than-fanatically-administered Windows and Unix systems simply
cannot be directly connected to the Internet.
I wouldn't go that far. I wouldn't describe myself as a fanatical admin;
"lazy" and "barely competent" would be closer to the mark :-). Despite
this, I've never had a breakin in more than a decade. I'm comfortable
connecting a Linux system directly to the Internet, as long as the
internal software firewall is on,
It's nice to have my firewalling done by a box that is too stupid to
be cracked, but what I need from the Linksys is really the address
multiplexing.
--
<a href="http://www.catb.org/~esr/">Eric S. Raymond</a>
pgpfkLB93nPbj.pgp
Description: PGP signature
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/ietf