= Сообщение: 5818 из 7402 ============================================= IPV6 = От : Markus Reschke 2:240/1661 26 Jan 19 16:26:02 Кому : Victor Sudakov 26 Jan 19 16:26:02 Тема : NAT FGHI : area://IPV6?msgid=2:240/1661+5c4220cc На : area://IPV6?msgid=2:5005/49+5c4c7389 = Кодировка сообщения определена как: LATIN1 ================================= Ответ: area://IPV6?msgid=2:5005/49+5c4d68d5 ============================================================================== Hi Victor!
Jan 26 21:49 2019, Victor Sudakov wrote to Markus Reschke:
VS> The security guidelines I have read don't specify "NAT must be used." VS> They specify "RFC1918 addresses must be used in the internal VS> network."
For IPv6 they could use ULA (RFC4193). ;)
VS> A static NAT has limited usage and indeed does not provide much VS> additional security. But the dynamic NAT and especially PAT provide a VS> very important security feature no packet filter provides: they VS> *hide* the *source* *addresses* of internal hosts thus effectively VS> hiding the network structure from outsiders.
And some dumbass enables UPnP on the firewall/router. >:) If an organization thinks that it has to hide the internal IP addresses for security reasons it can use NAT or proxies. Anyway, they still need much more than that to secure their network.
MR>> There's also NAT for IPv6.
VS> Never heard of that, other than DNS64/NAT64 which are for a different VS> purpose.
