
Something else that isn't often mentioned is that NAT requires keeping track of connection state on the router, and anyone that writes code knows that state is the devil. That's state for every connection and for every device on the network. A perfectly implemented NAT router with unlimited memory is just as reliable as an IPv6 router that just forwards packets. In reality, the consumer-grade devices have 16MB or so of memory and fall far short of this ideal.


IPv6 router firewalls still should be stateful (i.e., allow connections initiated from my LAN to the Internet, but don’t allow connections initiated from the Internet to my LAN).

Sure, if you are speaking about core routers, they don’t care about state. But for homes and offices, traffic direction matters for security.


That's fair, I can see how any kind of more advanced filtering than "just block incoming SYN packets" would require state, but at least it's optional.
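
An added illustration of the stateless-versus-stateful distinction discussed in the comments above; it is not code from any commenter. The packet model, filter names and addresses (taken from the 2001:db8::/32 documentation prefix) are constructed, and the stateful filter omits timeouts and connection teardown.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Pkt:
    direction: str                  # "out" = LAN -> Internet, "in" = Internet -> LAN
    proto: str                      # "tcp" or "udp"
    lan: tuple                      # (address, port) of the LAN endpoint
    remote: tuple                   # (address, port) of the Internet endpoint
    flags: frozenset = frozenset()  # TCP flags, empty for UDP

def stateless_filter(pkt):
    """No state kept: drop only inbound TCP connection openers (SYN without ACK)."""
    if pkt.direction == "in" and pkt.proto == "tcp":
        return not ("SYN" in pkt.flags and "ACK" not in pkt.flags)
    return True

class StatefulFilter:
    """Remembers flows opened from the LAN; inbound packets must match one of them."""
    def __init__(self):
        self.flows = set()          # one entry per tracked flow (this is the router's state)
    def allow(self, pkt):
        key = (pkt.proto, pkt.lan, pkt.remote)
        if pkt.direction == "out":
            self.flows.add(key)
            return True
        return key in self.flows

# Constructed sample traffic.
HOST, SERVER, STRANGER = "2001:db8:1::10", "2001:db8:ffff::1", "2001:db8:bad::66"
SAMPLE = [
    ("lan opens https", Pkt("out", "tcp", (HOST, 50000), (SERVER, 443), frozenset({"SYN"}))),
    ("server syn-ack",  Pkt("in", "tcp", (HOST, 50000), (SERVER, 443), frozenset({"SYN", "ACK"}))),
    ("unsolicited syn", Pkt("in", "tcp", (HOST, 22), (STRANGER, 40000), frozenset({"SYN"}))),
    ("unsolicited ack", Pkt("in", "tcp", (HOST, 22), (STRANGER, 40000), frozenset({"ACK"}))),
    ("unsolicited udp", Pkt("in", "udp", (HOST, 5353), (STRANGER, 40000))),
]

def compare(sample):
    """Return {label: (stateless_verdict, stateful_verdict)} and the state table size."""
    fw = StatefulFilter()
    verdicts = {label: (stateless_filter(p), fw.allow(p)) for label, p in sample}
    return verdicts, len(fw.flows)

if __name__ == "__main__":
    verdicts, entries = compare(SAMPLE)
    for label, (sl, sf) in verdicts.items():
        print(f"{label:16} stateless={'pass' if sl else 'drop'}  stateful={'pass' if sf else 'drop'}")
    print("state table entries:", entries)
```

The two filters agree on the inbound SYN but differ on the unsolicited ACK and UDP packets, which only the flow table can tell apart from reply traffic.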


I'm completely out of the loop, but last time I checked "IPv6 will kill NAT forever" was basically a lie, and there is NAT-hell in IPv6 too. Is that so?



