[Techtalk] Good firewall configuration tool for debian
Travis Casey
efindel at earthlink.net
Sat Apr 10 00:04:37 EST 2004
On Friday 09 April 2004 18:26, Devdas Bhagat wrote:
> On 09/04/04 17:10 -0400, Travis Casey wrote:
> > Static NAT only breaks applications where (a) the protocol requires one
> > or both sides to know their own addresses and send them and (b) the
> > application designers did not supply a way to tell the application that
> > you want to "advertise" a different address than the one the
> > application automatically learns. (In my experience, Microsoft seems
> > to like to do this...)
> >
> > (IMHO, such protocols are broken; why require clients to supply their
> > own addresses, when the address of the "other end" of the connection is
> > easily learned through standard calls?)
>
> IPSec with AH.
Doesn't change MHO. :-) Remember in particular that IP is supposed to be
an *internetwork* protocol. Protocols running on top of IP should not
require that endpoints even be using IP as their native protocol, much less
know their own IP address.
But that's just my opinion...
--
|\ _,,,---,,_ Travis S. Casey <efindel at earthlink.net>
ZZzz /,`.-'`' -. ;-;;,_ No one agrees with me. Not even me.
|,4- ) )-,_..;\ ( `'-'
'---''(_/--' `-'\_)
More information about the Techtalk
mailing list