> From: Phil Pennock [mailto:lopsa-discuss+p...@spodhuis.org]
>
> What we did *finally* get was NAT-PMP, the NAT Port Mapping Protocol.

Now that I've read the Wikipedia article on NAT-PMP and IGD, I'm really happy I did. So simple, so clean. I never heard of NAT-PMP or IGD until today (last night, thanks to Phil's post).

These are protocols that allow clients on a private LAN to automate inbound port forwarding configuration of the perimeter NAT/firewall device, for the sake of enabling p2p communications. This is particularly interesting, because IPv6 doesn't bring much to the table over IPv4, except in the area of enabling p2p communications.

I can think of at least one really significant way that NAT-PMP or a similar protocol would be more desirable than IPv6. Namely, in order for the inbound port to be accepted via NAT-PMP, the internal client has to specifically request it, and it's only valid as long as the client maintains the lease with the firewall. So NAT-PMP inherently provides more security than IPv6. And any endpoint device which doesn't know about NAT-PMP doesn't have any reason to care.

Also, this gives control for the firewall to have policy regarding whether or not it will allow the port forward, or even selectively allow it for some devices (such as the Video Conference station in the conference room).

Unfortunately, it appears not many firewalls today support either NAT-PMP or IGD.
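
Added example, not part of the original message: a small Python model of the lease and policy behaviour described above, using the NAT-PMP mapping request and response layouts from RFC 6886. The `Gateway` class, its allowlist and `max_lifetime` are hypothetical, and the client address in the usage is constructed.

```python
import ipaddress
import struct

# Opcodes and result codes from RFC 6886 (NAT-PMP)
OP_MAP_UDP, OP_MAP_TCP = 1, 2
SUCCESS, BAD_VERSION, NOT_AUTHORIZED, BAD_OPCODE = 0, 1, 2, 5

# Client side: 12-byte mapping request, 16-byte response
def build_request(opcode, internal_port, external_port, lifetime):
    return struct.pack("!BBHHHI", 0, opcode, 0, internal_port, external_port, lifetime)

def parse_response(data):
    # Pad bytes skip version/opcode, epoch and internal port: (result, external port, lifetime)
    return struct.unpack("!2xH4x2xHI", data)

class Gateway:
    """Hypothetical gateway model: allowlist policy plus a lease table."""
    def __init__(self, allowed_clients, max_lifetime=3600):
        self.allowed = {ipaddress.ip_address(c) for c in allowed_clients}
        self.max_lifetime = max_lifetime
        self.leases = {}  # (opcode, external_port) -> (client, internal_port, expiry)

    def handle(self, client, packet, now):  # one request in, 16-byte response out
        ver, op, _rsvd, int_port, ext_port, life = struct.unpack("!BBHHHI", packet)
        def reply(code, ext=0, granted=0):
            return struct.pack("!BBHIHHI", 0, (128 + op) & 0xFF, code, now, int_port, ext, granted)
        if ver != 0:
            return reply(BAD_VERSION)
        if op not in (OP_MAP_UDP, OP_MAP_TCP):
            return reply(BAD_OPCODE)
        if ipaddress.ip_address(client) not in self.allowed:
            return reply(NOT_AUTHORIZED)   # policy: this device may not open ports
        self.expire(now)
        owner = (client, int_port)
        if life == 0:                      # lifetime 0: the client deletes its mapping
            self.leases = {k: v for k, v in self.leases.items() if k[0] != op or v[:2] != owner}
            return reply(SUCCESS)
        port = ext_port or int_port        # 0 means "no preference"
        while (op, port) in self.leases and self.leases[(op, port)][:2] != owner:
            port = port % 65535 + 1        # taken by another host: try the next port
        granted = min(life, self.max_lifetime)
        self.leases[(op, port)] = (client, int_port, now + granted)
        return reply(SUCCESS, port, granted)

    def expire(self, now):  # drop mappings whose lease was not renewed in time
        self.leases = {k: v for k, v in self.leases.items() if v[2] > now}

    def is_open(self, opcode, port, now):
        self.expire(now)
        return (opcode, port) in self.leases
```

With `Gateway(["192.168.1.50"], max_lifetime=600)`, a request from that address for TCP 5060 with a 7200-second lifetime is granted for 600 seconds and closes on its own unless renewed, while the same request from any other address gets result code 2.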