RE: Google wants to be your Internet

> IPv6 makes NAT obsolete because IPv6 firewalls can provide all
> the useful features of IPv4 NAT without any of the downsides.

IPv6 firewalls? Where? Good ones?

Why good ones? NAT is a basic IPv4 firewall. All IPv6 needs to obsolete
NAT is a firewall that offers all the features of NAT without requiring
the address translation. Then, instead of setting up a port translation
for a particular incoming protocol, you simply open up that port without
modifying the packets as they flow through. Suddenly, SIP works and
incoming VoIP phone calls work just like on the phone network.

--Michael Dillon

Oh, if it were so easy. Even without NAT our firewalls still
need to meddle in the application layer. You'll still need
smarts in the firewall to use the bad ol' FTP. And of course
although SIP itself usually uses a fixed port, the calls it
sets up generally do not.

You don't have to modify packets, but you still need to read
them, understand the protocol, and add state entries to your
firewall. The absence of NAT doesn't really save you much work.

There is more to firewalls than NAT and packet filtering, no matter what
the Cisco PIX people say.
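
Added example, not part of the thread and not any firewall's actual code: a sketch of the point made above about FTP and SIP, where a NAT-free stateful firewall leaves packets unmodified but still reads the control channel to learn which dynamic ports need state entries. The function names, the peer-address check and the sample messages are assumptions constructed for illustration.

```python
import ipaddress
import re

def ftp_pinhole(command, peer):
    """Data-channel endpoint announced by FTP PORT/EPRT: (addr, port, 'tcp') or None."""
    cmd = command.strip()
    m = re.fullmatch(r"PORT (\d+),(\d+),(\d+),(\d+),(\d+),(\d+)", cmd)
    if m:
        n = [int(x) for x in m.groups()]
        if max(n) > 255:
            return None
        addr, port = ".".join(map(str, n[:4])), n[4] * 256 + n[5]
    else:
        m = re.fullmatch(r"EPRT \|([12])\|([^|]+)\|(\d+)\|", cmd)  # RFC 2428 form
        if not m:
            return None
        addr, port = m.group(2), int(m.group(3))
    try:
        ip = ipaddress.ip_address(addr)
        same_host = ip == ipaddress.ip_address(peer)
    except ValueError:
        return None
    # Assumed policy: only open a pinhole toward the control connection's own host.
    if not same_host or not 0 < port < 65536:
        return None
    return (str(ip), port, "tcp")

def sdp_pinholes(sdp):
    """Media endpoints named in a SIP message's SDP body: [(addr, port, proto)]."""
    session_addr, media = None, []
    for line in (raw.strip() for raw in sdp.splitlines()):
        f = line.split()
        if line.startswith("c=IN IP") and len(f) >= 3:
            addr = f[2].split("/")[0]
            if media:
                media[-1][0] = addr        # media-level c= overrides session-level
            else:
                session_addr = addr
        elif line.startswith("m=") and len(f) >= 3:
            port = f[1].split("/")[0]
            if port.isdigit():
                proto = "tcp" if f[2].upper().startswith("TCP") else "udp"
                media.append([session_addr, int(port), proto])
    return [tuple(m) for m in media if m[0] and m[1] > 0]  # port 0 = stream declined

# Constructed sample: SDP body of a SIP INVITE between documentation addresses.
SAMPLE_SDP = """v=0
o=alice 2890844526 2890844526 IN IP6 2001:db8::10
c=IN IP6 2001:db8::10
m=audio 49170 RTP/AVP 0
m=video 0 RTP/AVP 31
"""
```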