Comment by hrmtst93837

12 hours ago

Assuming IPv6 kills NAT is optimistic; plenty of orgs still stack private addressing and firewalls on top.

Firewalls aren't nearly as bad as NAT.

  • Basically the same thing. If you legitimately need to establish a connection then put a firewall rule in; whether that needs NAT or PAT is a function of your available addresses.

    If you are trying to work around your firewall because it isn’t yours, that’s not a legitimate use.

    • Love it when random people tell me whether my use case is legitimate or not without apparently even knowing it exists!

      Take mobile data connections, for example: Most people don't want to pay for metered (by the byte) inbound traffic they didn't ask for that also drains their battery, but do want to be able to establish P2P connections for lower latency VoIP etc.

      This is a firewall that's definitionally "not theirs", but that still also serves their interests, yet usually doesn't offer any user-accessible management interface.

      So may I please traverse this firewall now, or is my use case still illegitimate?

    • P2P traffic is illegitimate according to you? Like Skype calls? You think Skype should not exist? (Well it doesn't exist any more, but whatever replaced it)

    • You're assuming that the firewall was configured correctly or that the firewall admin is cooperative. That's a big ask.

      On the other hand, there is plenty of badly written networked software. I bet most of the networked software developers have no idea how to correctly plumb their software. They just open whatever connection, e.g. sockets, their OS provides and just run with it without care of the underlying layers. The OSI model theory in fact encourages this ignorance.