[Techtalk] Good firewall configuration tool for debian

James jas at spamcop.net
Fri Apr 9 22:19:20 EST 2004


On Fri, 9 Apr 2004 10:23:40 -0700, Carla Schroder <carla at bratgrrl.com> wrote:

> On Friday 09 April 2004 10:18 am, Carla Schroder wrote:
> Wups, correction:
>>
>> On a typical consumer DSL account, where you have a dynamically assigned
>> IP, NAT works just fine. Those lil ADSL modems, like the Linksys Etherfast
>> Cable/DSL Router
>
> These gadgets are not DSL modems, they are routers. Sorry! Still need a
> separate DSL "modem", and why are they called modems? Do they modulate?

In ADSL's case, I'm afraid they *DO* modulate and demodulate: it works by
using multiple 4kHz channels, each carrying a separate stream of bits,
which then get combined at the other end.

Rudy:
> Tsk, tsk, what a USA attitude. Only the US has IPv4 to spare...
> Otherwise things are getting quite scarce. For example China is using
> NAT over NAT at places to keep things working because of IPv4 scarcity.

More to do with their interest in control and censorship, AIUI; there
are certainly ample blocks at the top level, ready to be handed to any
regional registrar as needed.

> Yep, though the choices are at times limited. On a cable you generally
> have just the one provider. And here is where mainland Europe actually
> tends to have a better choice than the US of A. At least in Belgium and
> Netherlands you tend to have a choice between cable and several ADSL
> providers in most cities.

Here in the UK you're presented with a similar choice - but it's almost
entirely illusory. In reality, there is one ADSL provider - BT - and one
cable provider - Telewest or NTL, depending on area - in any given place.
There are dozens of "ISPs" offering ADSL, but they're all just reselling
BT's service under their own name: very few people actually have more than
two options, and many have one or none.

As Tracey pointed out, there are more than 4 billion IPv4 addresses
available; with only 6 billion human beings, name-based vhosting and
NAT should, if used properly, allow IPv4 to last at least another two
decades without any real problems. NAT isn't evil; as Carla points out,
it's a very useful facility with security and administrative benefits,
as well as saving IPv4 space for other things.


Finally, for the bit about the US somehow being exempt from an IPv4
shortage, neither is true. To quote RIPE, the body responsible for
Europe's IP allocations to individual countries:

No IPv4 shortage anyway:
"Based on today’s total global allocation rate of approximately 4.25
blocks per year in 2002, or 5.5 blocks in 2001, and the remaining
pool of 91 blocks held by IANA, it is unrealistic to assume that there
is an imminent shortage in the IPv4 address space. Even allowing for a
dramatic increase in address consumption rates, it is highly probable
that IPv4 address space will last well beyond the two years predicted
by some."

US wouldn't be exempt if there were one:
"It has been suggested that Asia will experience an IPv4 address
shortage before other regions. This is simply not true. This is
because addresses are distributed in a co-ordinated fashion from
a single global pool, and there is no system whereby that pool is
exclusively divided among, or pre-allocated to, different countries
or regions. Through the current system of address administration,
IP addresses are allocated according to immediate need wherever
that need is demonstrated and it is simply not possible for
isolated "shortages" to exist"


Finally, registries are not allowed to charge for IP addresses,
although they are allowed to charge an administrative fee
for allocating blocks; ARIN, for example, charges a membership
fee for ISPs, ranging from $2,500/yr for small ISPs (up to a /19
allocation, or about 8,000 addresses) to $20,000/yr for large
ISPs (more than a /14, or about 250,000 addresses).


James.

