lxgr 3 hours ago

Firewalls aren't nearly as bad as NAT.

hdgvhicv 3 hours ago | parent [-]

Basically the same thing. If you legitimately need to establish a connection then put a firewall rule in, whether that needs NAT or PAT is a function of your available addresses.

If you are trying to work around your firewall because it isn’t yours, that’s not a legitimate use.

lxgr 2 hours ago | parent | next [-]

Love it when random people tell me whether my use case is legitimate or not without apparently even knowing it exists!

Take mobile data connections, for example: Most people don't want to pay for metered (by the byte) inbound traffic they didn't ask for that also drains their battery, but do want to be able to establish P2P connections for lower latency VoIP etc.

This is a firewall that's definitionally "not theirs", but that still also serves their interests, yet usually doesn't offer any user-accessible management interface.

So may I please traverse this firewall now, or is my use case still illegitimate?

hdgvhicv an hour ago | parent [-]

If you are trying to break through a firewall you don’t own then that’s not legitimate.

If you are buying firewall as a service then request a user interface or change your service provider.

lxgr 19 minutes ago | parent [-]

Are you even acknowledging my example? Where does it exist in your bimodal model of reality of "my firewall" and "somebody else's firewall"?

What provider would you suggest somebody wanting to make VoIP calls on their smartphone switch to that allows port forwarding of the kind you describe? And which popular VoIP app would support statically forwarded ports like that?

ufocia an hour ago | parent | prev [-]

You're assuming that the firewall was configured correctly or that the firewall admin is cooperative. That's a big ask.

On the other hand, there is plenty of badly written networked software. I bet most of the networked software developers have no idea how to correctly plumb their software. They just open whatever connection, e.g. sockets, their OS provides and just run with it without care of the underlying layers. The OSI model theory in fact encourages this ignorance.