undefined | Better HN

0 pointsfulafel3y ago0 comments

I'm a user and I think they are compatible requirements and support each other well.

The alternative, having ambiguous addresses, makes systems hard to reason about and monitor, and add compplexity - eg when inevitably "internal" networks end up connected to each other in various kinds of reorganisations resulting in misconfigurations because nobody can tell anymore what the ambigous rule about a 10.xx address meant. Complexity and anbiguity are main enemies of security because you can only secure what you can understand well.

NATs are also hard to reason about in that there's no real spec about what kind of incoming traffic they allow and when. The NAT function is designed to facilitate communication in face of connectivity hurdle presented by the addressing, not limit communication.

0 comments

arka21474836473y ago

Perhapse so, but i think psycologically, having your devices ’hide’ behind a NAT feels a lot more safe than having them out in the wild with only some firewall rules to protect them.

Secondarily, to many users both ipv6 routing and NAT are both incomprehensible. I think most home/sme IT admin people who have to maintain everything in their home/company are not in a position to learn everything about ipv6. Having a solution like NAT where you just cant connect from the outside (unless forwarded) really simplifies many things.

Many people are not in a position where they can understand networking fully.

j / k navigate · click thread line to collapse

0 pointsfulafel3y ago0 comments

I'm a user and I think they are compatible requirements and support each other well.

0 comments

arka21474836473y ago

Perhapse so, but i think psycologically, having your devices ’hide’ behind a NAT feels a lot more safe than having them out in the wild with only some firewall rules to protect them.

Many people are not in a position where they can understand networking fully.

j / k navigate · click thread line to collapse