Colm Buckley wrote:
>
> It doesn't necessitate any such thing; most organisations will probably
> continue to block all unknown inbound traffic, and rightly so. There's
> nothing about P2P applications which requires an open firewall; what's
> being gained is the ability to have consistent source and destination
> headers along the whole route, without requiring routers or firewalls to
> keep track of all connections for NAT purposes.
>
Actually isn't that making some connections more secure? There won't be any need for the current horrible firewall punching techniques used today with UDP.

> Yes, NAT could be useful to mask your internal
> network topology from the wild world web.

Yes, this is the core of my original question. I suspect you could hide your subnets (natting everything to a single subnet, assuming you can (enough addresses on one subnet)), BUT does exposing our subnets make our network vulnerable? Assuming here we still have a DMZ and an internal network, and we firewall the internal network the same way we do today (don't allow connections initiated from the outside, etc...)?

--
Yves.
http://www.SollerS.ca/

_______________________________________________
Discuss mailing list
Discuss@lopsa.org
http://lopsa.org/cgi-bin/mailman/listinfo/discuss
This list provided by the League of Professional System Administrators
http://lopsa.org/