> -----Original Message-----
> From: Fernando Gont [mailto:fernando.gont.netbook....@gmail.com] On
> Behalf Of Fernando Gont
> Sent: Wednesday, January 12, 2011 8:54 AM
> To: George Bonser
> Cc: Tarig Ahmed; nanog@nanog.org
> Subject: Re: Is NAT can provide some kind of protection?
>
> On 12/01/2011 01:17 p.m., George Bonser wrote:
>
> > But your security person needs to shift their thinking because the
> > purpose of NAT and private addressing is to conserve IP address, not to
> > provide security. With IPv6, the concept of NAT goes away.
>
> You have heard about NAT66, right?
>
> Thanks,
> --
> Fernando Gont
> e-mail: ferna...@gont.com.ar || fg...@acm.org
> PGP Fingerprint: 7809 84F5 322E 45C7 F1C9 3945 96EE A9EF D076 FFF1

Oh, yeah. But NAT66 does not provide the "security" aspect of PAT with V4. It is just a straight static NAT. So each of your machines is still directly addressable from the Internet. With v4 PAT, you cannot be sure which address/port on the external IP maps to which address/port on the inside IP at any given moment, and PAT is stateful in that an outbound packet is required to start the mapping. NAT66 is just straight static NAT that maps one prefix to a different prefix.
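
The contrast drawn in the reply above, as an added example that is not part of the original thread: a stateless 1:1 prefix swap translates an unsolicited inbound address with no prior traffic, while a stateful PAT table has nothing to match until an inside host sends first. The names `nat66_translate` and `Pat44`, the documentation/ULA prefixes and the sequential port allocation are assumptions for illustration; the PAT model leaves out timeouts and remote-endpoint tracking, and the prefix swap is a plain model rather than an implementation of any particular NAT66 specification.

```python
import ipaddress

def nat66_translate(addr, from_prefix, to_prefix):
    """Stateless 1:1 prefix rewrite: keep the host bits, swap the prefix."""
    src = ipaddress.IPv6Network(from_prefix)
    dst = ipaddress.IPv6Network(to_prefix)
    if src.prefixlen != dst.prefixlen:
        raise ValueError("prefix lengths must match for a 1:1 mapping")
    a = ipaddress.IPv6Address(addr)
    if a not in src:
        return None  # not covered by the translated prefix
    host_bits = int(a) & int(src.hostmask)
    return str(ipaddress.IPv6Address(int(dst.network_address) | host_bits))

class Pat44:
    """Simplified stateful port address translation on one external IPv4 address."""
    def __init__(self, external_ip, first_port=40000):
        self.external_ip = external_ip
        self.next_port = first_port
        self.out = {}   # (inside_ip, inside_port) -> external port
        self.back = {}  # external port -> (inside_ip, inside_port)

    def outbound(self, inside_ip, inside_port):
        """An outbound packet creates the mapping if none exists yet."""
        key = (inside_ip, inside_port)
        if key not in self.out:
            self.out[key] = self.next_port
            self.back[self.next_port] = key
            self.next_port += 1
        return (self.external_ip, self.out[key])

    def inbound(self, external_port):
        """Return the inside endpoint, or None when no mapping exists (dropped)."""
        return self.back.get(external_port)

# Constructed sample values: RFC 3849 documentation prefix outside, ULA inside.
EXTERNAL6, INTERNAL6 = "2001:db8:abcd::/48", "fd00:1:2::/48"

if __name__ == "__main__":
    # Unsolicited inbound IPv6: translated with no state at all.
    print(nat66_translate("2001:db8:abcd:1::10", EXTERNAL6, INTERNAL6))
    pat = Pat44("192.0.2.1")
    print(pat.inbound(40000))             # no outbound packet yet: None
    print(pat.outbound("10.0.0.5", 51515))
    print(pat.inbound(40000))             # mapping now exists
```

Because the prefix mapping is fixed and reversible, inbound filtering for the translated prefix has to come from a firewall policy rather than from the translation itself.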