Comment on Google Fiber goes big with 20-gig plan
frezik@midwest.social 1 year ago
- No longer designing protocols that jump through hoops to deal with lack of direct addressing
Fucking CGNAT…
MeanEYE@lemmy.world 1 year ago
Sorry to be the one to mention, but NAT is here to stay. Even if IPv6 has enough address space for everything to have a public address, it’s still a good security measure to have a local area network that has a firewalled exit node. Especially considering how popular IoT has become and just how little people care about the security of those same devices.
frezik@midwest.social 1 year ago
No, stop this. NAT is not a security measure. It was not designed as one, and does not help security at all.
onlinepersona@programming.dev 1 year ago
Why doesn’t it help security? Is everybody’s device supposed to be publicly accessible?
frezik@midwest.social 1 year ago
Because hiding addresses does very little. A gateway firewall does not need NAT to protect devices behind it.
In fact, NAT tends to make things more complicated, and complication is the enemy of security. It’s one extra thing that firewalls have to account for. Firewalls behind NAT also don’t know where traffic is originally coming from, meaning they have one less tool at their disposal. This gets even worse with CGNAT, which sometimes has multiple levels of NAT.
Security is a very common objection to getting rid of NAT, and it’s wrong.
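
An added example, not part of the thread and not any commenter's configuration: an nftables forward chain that protects LAN hosts holding globally routable IPv6 addresses using stateful filtering alone, with no NAT table anywhere. The interface names `wan0` and `lan0`, the chain and table names, and the `2001:db8::` documentation addresses are assumptions chosen for illustration.

```nftables
#!/usr/sbin/nft -f
# Added example: stateful gateway filter for a routed IPv6 LAN, no NAT.
# wan0 / lan0 and all 2001:db8:: addresses are constructed placeholders.

table inet gateway {
    chain forward {
        # Default deny: a packet is forwarded only if a rule below accepts it.
        type filter hook forward priority 0; policy drop;

        # Replies to flows that LAN hosts opened, plus related ICMP errors.
        ct state established,related accept
        ct state invalid drop

        # ICMPv6 errors that must cross the gateway for path MTU discovery
        # and basic error reporting to work.
        icmpv6 type { destination-unreachable, packet-too-big,
                      time-exceeded, parameter-problem } accept

        # LAN hosts may open new connections outward.
        iifname "lan0" oifname "wan0" ct state new accept

        # Without NAT the real remote source address is visible, so an
        # inbound exception can be scoped to one source prefix and one host.
        iifname "wan0" oifname "lan0" ip6 saddr 2001:db8:aaaa::/48 \
            ip6 daddr 2001:db8:1::10 tcp dport 22 ct state new accept

        # All other unsolicited inbound traffic is logged with its true
        # source address and dropped.
        iifname "wan0" ct state new log prefix "fwd-in-drop: " drop
    }
}
```

Every LAN device here is addressable from the internet but not reachable: the connection-tracking rules and the drop policy do the protecting, which is the same mechanism that actually blocks unsolicited inbound traffic on a NAT gateway.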