Re: Let's talk about yum and p2p in Fedora

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 12/27/2010 06:58 AM, Marko Vojinovic wrote:
> There was a quite large thread on the CentOS list recently about this.
>
> In a nutshell, the conclusion is that (1) is an urban legend --- NAT
*does*
> *not* (and moreover, *should* *not* ) shield your inside machines from
outside
> attacks. You still need to use the proper firewall for shielding.
>


  Thank you for your thoughts ... it really is time for me to learn more!

  Anyone having NAT has some kind of firewall - they go together
- even if its a linksys box. In my case my border firewall is quite
extensive ... with plenty of netblocks that are disallowed access to any
service whatsoever ...

  I need to learn more about ip6 - but I assume nf_conntrack works the
same way in ip6tables, I suppose routing through (when allowed) versus
nat'ing through when allowed are not all that different but they are
different... are the security implications obvious ?

  The firewall is still controlling what is allowed or not ... tho I am
sure my understanding of a DMZ needs updating for ip6 .. so much to
learn :-)

 Any suggestions for good guides on ip6 - firewalling - DMZ's - and
transition management including setting up ip6-ip4 and ip4-ip6 gateways
as may be needed ?


> > at the price of breaking functionality.
 Not sure what 'things' are really broken today in practice by nat  -
certainly ftp is typically no longer used with separate incoming port
tho we do have ftp_conntrack just in case ...

  Thanks again .. sharing knowledge is very helpful ... ip6 is coming
soon'ish and I def. need to prepare ...

 gene
-- 
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines


[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux