[ipv6hackers] Is there a telecom company which adapted IPv6 network on LTE?

casper-ipv6hackers at gielen.name casper-ipv6hackers at gielen.name
Thu Aug 15 17:29:43 CEST 2013


On 15-08-13 16:40, Marco Ermini wrote:
> It may be that there are simpler implementations in some countries with no
> strict legal requirements, but in general I agree, NAT is not initiated by
> security departments, although security departments will still complain if
> you try to take it away. And yes it helps with overbilling and battery
> drowning attacks - doing NAT/PAT is much more straightforward than
> maintaining a complex firewall ruleset.

I don't get it, what complex ruleset? What does NAT/PAT do that is not
done by a single line of firewall configuration that accepts packages
from established connections? I guess some firewalls will even do this
out of the box without any configuration.

I assume that many NAT-boxes already contain a stateful firewall as
they are based on Linux. On Linux a stateful firewall is less complex
than NAT/PAT.

> As hinted, when something is NATted it can be more easy to log as well. In
> some countries this is required... as well as other things such as age
> verification/restriction and other access layer controls, or other services
> such as content optimisation and caching - everything helped by NAT, and
> that needs to be re-thought in a full flat IPv6 World. Not a simple journey.

Once again this does not make sense to me. With NAT there are multiple
users sharing the same address. Without NAT everyone has a unique
address. You will have to collect logs from every NAT-box in the world to
match that.
Can you explain what properties of NAT are beneficial to logging?


-- 
Casper Gielen
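
The two mechanisms compared in the message above, as an added example that is not part of the original post: a toy Python model of a stateful filter and of NAPT, showing that both drop unsolicited inbound traffic while only NAPT needs a translation table and a mapping log to attribute a flow. All class names, addresses and ports are constructed for illustration.

```python
"""Toy model (constructed): stateful filter vs. NAPT, and what each must log."""

class StatefulFilter:
    """Default-deny inbound; accept only replies to flows opened from inside."""
    def __init__(self):
        self.flows = set()          # (inside_ip, inside_port, remote_ip, remote_port)

    def outbound(self, src, sport, dst, dport, now=0):
        self.flows.add((src, sport, dst, dport))
        return src, sport           # source seen by the remote end: unchanged

    def accepts_reply(self, remote, rport, dst, dport):
        return (dst, dport, remote, rport) in self.flows

    def attribute(self, seen_ip, seen_port, when):
        return seen_ip              # the address itself identifies the subscriber


class Napt(StatefulFilter):
    """The same flow tracking, plus a translation table and a mapping log."""
    def __init__(self, public_ip, first_port=40000):
        super().__init__()
        self.public_ip, self.next_port = public_ip, first_port
        self.mapping = {}           # (inside_ip, inside_port) -> public_port
        self.log = []               # (time, public_port, inside_ip)

    def outbound(self, src, sport, dst, dport, now=0):
        if (src, sport) not in self.mapping:
            self.mapping[(src, sport)] = self.next_port
            self.log.append((now, self.next_port, src))
            self.next_port += 1
        pub = self.mapping[(src, sport)]
        self.flows.add((self.public_ip, pub, dst, dport))
        return self.public_ip, pub  # many subscribers share this address

    def attribute(self, seen_ip, seen_port, when):
        # Needs the port and a timestamp; the shared address alone is ambiguous.
        hits = [ip for t, port, ip in self.log if port == seen_port and t <= when]
        return hits[-1] if hits else None


def demo():
    fw, nat = StatefulFilter(), Napt("192.0.2.1")
    seen_fw = fw.outbound("2001:db8::a", 5000, "2001:db8:ffff::80", 443)
    seen_a = nat.outbound("10.0.0.2", 5000, "198.51.100.7", 443, now=1)
    seen_b = nat.outbound("10.0.0.3", 5000, "198.51.100.7", 443, now=2)
    return seen_fw, seen_a, seen_b, fw, nat
```
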


