House Panther 
I hate network address translation! I can’t wait for the internet to complete its migration to #ipv6
I am helping a friend chase a particularly troublesome and difficult problem and it seems to be related to #nat. I have to also figure out how #firewalld does its rule evaluation. I have a direct rule in place for finer grained control and it’s being totally ignored. What the *bleep*!!!
RobJE@housepanther
after migration to #ipv6 is completed nat will still be a thing because of security. As far as hiding things is security.
after migration to #ipv6 is completed nat will still be a thing because of security. As far as hiding things is security.
@robje NAT is not designed with security in mind. I mean sure it does kind of hide a network topology in plain site but ……
@housepanther
we don't disagree, but there is a whole bunch of people that have been told NAT == security. My guess is these people will use nat with #ipv6 because ....
we don't disagree, but there is a whole bunch of people that have been told NAT == security. My guess is these people will use nat with #ipv6 because ....
Named Bird@housepanther #ipv6 will only be used if it's "safe" to do so. Right now, due to issues like https://issues.chromium.org/issues/40736240 , a website using IPv6 looks like this to me, not very inviting:
