> > I'd eat a hat if a vendor didn't implement a PAT equivalent. It's demanded too much. There is money for it, so it will be there.
> >
> > Jack
Yeah, I think you are right. But in really thinking about it, I wonder why. The whole point of PAT was address conservation. You don't need that with v6. All you need to do with v6 is basically have what amounts to a firewall in transparent mode in the line that doesn't let a packet in (except where explicitly configured to) unless it is associated with a packet that went out. PAT makes little sense to me for v6, but I suspect you are correct.

In addition, we are putting the "fire suit" on each host in addition to the firewall. Kernel firewall rules on each host for the *nix boxen.
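
The policy described in the message above, sketched as an nftables ruleset (an added example, not part of the original post): the `forward` chain is the in-line firewall that admits only traffic tied to an outbound flow, and the `input` chain is the per-host rule set. The interface names, the 2001:db8::/32 documentation addresses, the permitted services, and the use of a routed rather than bridged firewall are all assumptions.

```nftables
#!/usr/sbin/nft -f
# Added example. Assumed names: lan0 (inside), wan0 (outside).
# Addresses are from the 2001:db8::/32 documentation prefix.

table ip6 v6_stateful {

    # In-line firewall: no address translation, only connection tracking.
    chain forward {
        type filter hook forward priority 0; policy drop;

        # Replies to flows opened from inside, plus ICMPv6 errors
        # (e.g. Packet Too Big) that conntrack ties to those flows.
        ct state established,related accept
        ct state invalid drop

        # Inside hosts may open new flows outward.
        iifname "lan0" oifname "wan0" accept

        # The "explicitly configured" exception: one inbound service.
        iifname "wan0" ip6 daddr 2001:db8:1::25 tcp dport 25 accept
    }

    # Per-host rules for a *nix box.
    chain input {
        type filter hook input priority 0; policy drop;

        iifname "lo" accept

        # Neighbor discovery must be accepted before the invalid-state
        # drop, because some kernels do not track these messages.
        # Hop limit 255 proves the packet was not forwarded.
        icmpv6 type { nd-neighbor-solicit, nd-neighbor-advert,
                      nd-router-solicit, nd-router-advert } ip6 hoplimit 255 accept

        ct state established,related accept
        ct state invalid drop

        # ICMPv6 errors and echo; dropping Packet Too Big breaks path MTU discovery.
        icmpv6 type { destination-unreachable, packet-too-big,
                      time-exceeded, parameter-problem, echo-request } accept

        # Assumed management service on this host.
        tcp dport 22 accept
    }
}
```

Unlike an IPv4 rule set, this one cannot drop ICMP wholesale: neighbor discovery and Packet Too Big are carried in ICMPv6, so a default-deny policy has to name them explicitly.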