On Tue, 2010-12-28 at 20:11 -0500, Bill Davidsen wrote:
> Clearly you have little understanding of the other uses of NAT, one of
> which is connect redirection. For instance, when I get a connect to an
> IP and port, it allows me to send the connection to some machine inside
> the firewall without hav
Marko Vojinovic wrote:
> On Sunday 26 December 2010 22:11:17 you wrote:
>> On 12/26/2010 02:40 PM, Marko Vojinovic wrote:
>>> The only permanent solution to usability of p2p in general is IPv6, where
>>> all addresses will be public and thus accessible from outside. And IPv6
>>> would fix other pro
On Mon, 2010-12-27 at 11:30 -0500, Genes MailLists wrote:
> Anyone having NAT has some kind of firewall
Um, no they do not. A firewall is designed to restrict network traffic,
NAT is not designed as a protective mechanism. A side effect of NAT is
that (generally) some traffic is broken, but so
On 12/27/2010 03:16 PM, Marko Vojinovic wrote:
>
> Oh, but the scanner *will* get a response, that's the whole point of port-
> forwarding. A scanner sends out a bait, NAT forwards it to appropriate server,
> the server responds, NAT forwards the response back to the scanner.
>
Not if the router i
On 12/27/2010 09:44 AM, Chris Adams wrote:
> A stateful firewall without a packet
> mangler (i.e. no NAT) is just as secure.
No argument from me.
--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/u
On Mon, Dec 27, 2010 at 12:41 PM, Joe Zeff wrote:
> On 12/27/2010 09:15 AM, Patrick O'Callaghan wrote:
>>
>> Actually IIRC you have that the wrong way round. NAT was invented to
>> deal with address space exhaustion, and had the side-effect of hiding
>> machines behind the router.
>
> Before someb
On 12/27/2010 12:44 PM, Chris Adams wrote:
> implemented defense in depth.
>
> NAT is a combination of a stateful firewall and a packet mangler (that
> changes the IP+port fields). A stateful firewall without a packet
> mangler (i.e. no NAT) is just as secure.
probably - and yes if all is config
Once upon a time, Joe Zeff said:
> Before somebody steps in again to point out that NAT isn't a firewall,
> I'd like to give my perspective on it. If your router uses NAT and only
> forwards those ports you've told it to (and then, each port only goes to
> one machine) port scanners can't find
On 12/27/2010 09:15 AM, Patrick O'Callaghan wrote:
> Actually IIRC you have that the wrong way round. NAT was invented to
> deal with address space exhaustion, and had the side-effect of hiding
> machines behind the router.
Before somebody steps in again to point out that NAT isn't a firewall,
I'
On Sun, 2010-12-26 at 17:11 -0500, Genes MailLists wrote:
> Historically, we used nat for 2 purposes:
>
> (1) to shield inside machines
> (2) free up ipv4 (was an accidental consequence of (1))
Actually IIRC you have that the wrong way round. NAT was invented to
deal with address space e
On 12/27/2010 06:58 AM, Marko Vojinovic wrote:
> There was a quite large thread on the CentOS list recently about this.
>
> In a nutshell, the conclusion is that (1) is an urban legend --- NAT *does*
> *not* (and moreover, *should* *not* ) shield your inside machines from outside
> attacks. You st
--- 夜神 岩男 wrote:
> --- S Mathias wrote:
>
> > Are there any active projects about it?
> >
> > like:
> > http://www.camrdale.org/apt-p2p/
> > for Debian.
> >
> > Why doesn't it have viability? Why does it have?
> >
> > What are the security issues regarding it?
>
> So long as it is easily
--- S Mathias wrote:
> Are there any active projects about it?
>
> like:
> http://www.camrdale.org/apt-p2p/
> for Debian.
>
> Why doesn't it have viability? Why does it have?
>
> What are the security issues regarding it?
So long as it is easily configurable for the user/admin
(many of my Gno
On Sun, 2010-12-26 at 17:11 -0500, Genes MailLists wrote:
> Why would anyone want all internal machines public anyway ?
Not so much *made* public, but directly connected in a way that doesn't
block access. Various internet activities require two-way
communication, and NAT gets in the way. Eith
in.com/raw.php?i=UNLPSECr
--- On Sun, 12/26/10, Joe Zeff wrote:
> From: Joe Zeff
> Subject: Re: Let's talk about yum and p2p in Fedora
> To: "Community support for Fedora users"
> Date: Sunday, December 26, 2010, 10:28 PM
> On 12/26/2010 02:11 PM, Genes
> Ma
On 12/26/2010 05:28 PM, Joe Zeff wrote:
> On 12/26/2010 02:11 PM, Genes MailLists wrote:
>> I need to read about ipv6 - but can I keep (1) with ipv6 ? i.e.
>> machines inside access to internet similar to what they have now via
>> firewall/nat ... but no way for those ipv6 addresses to be seen SY
On 12/26/2010 02:11 PM, Genes MailLists wrote:
> I need to read about ipv6 - but can I keep (1) with ipv6 ? i.e.
> machines inside access to internet similar to what they have now via
> firewall/nat ... but no way for those ipv6 addresses to be seen SYN'd
> from outside.
AIUI, there are IPv6 add
On 12/26/2010 02:40 PM, Marko Vojinovic wrote:
> The only permanent solution to usability of p2p in general is IPv6, where all
> addresses will be public and thus accessible from outside. And IPv6 would fix
> other protocols broken by introduction of NAT, not just p2p stuff.
>
> But until then,
On 12/26/2010 11:40 AM, Marko Vojinovic wrote:
> Automatic updates that leave the user out of the loop are known to be a Very
> Bad Idea (tm)
Automatic updates are part of the slavewear mentality: I know what your
computer needs and you don't. Once you allow them you're effectively
giving contr
19 matches