Reply to post: Re: Dear network geeks, IPv6 is crap because...

Global IPv4 address drought: Seriously, we're done now. We're done

Charles 9

Re: Dear network geeks, IPv6 is crap because...

"You should not be NATing at all on v6. It's true that 1:1 NAT is less terrible than masquerading, but it still involves rewriting addresses on packets. Just give your public addresses directly to your machines; I promise it's way less effort than NATing."

But also riskier since an outsider could sniff out the network topology by ID'ing a few machines, and without ephemeral outgoing addresses, machines can be back-hacked. That's why BOTH are now in the IPv6 spec, to protect against those prospects, both of which cropped up in the IPv4 Net. And neither of these can be easily blocked by the firewall, either (the former because all the info is gleaned from the outside, the latter because you're re-using an already-established connection).
