[41352] in North American Network Operators' Group
Re: Where NAT disenfranchises the end-user ...
daemon@ATHENA.MIT.EDU (Charles Sprickman)
Fri Sep 7 00:17:04 2001
Date: Fri, 7 Sep 2001 00:16:06 -0400 (EDT)
From: Charles Sprickman <spork@inch.com>
To: Roeland Meyer <rmeyer@mhsc.com>
Cc: "NANOG (E-mail)" <nanog@merit.edu>
In-Reply-To: <EA9368A5B1010140ADBF534E4D32C728069E71@condor.mhsc.com>
Message-ID: <Pine.BSF.4.33.0109070009590.24467-100000@shell.inch.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Errors-To: owner-nanog-outgoing@merit.edu
On Thu, 6 Sep 2001, Roeland Meyer wrote:
> Hello all,
>
>
> To be honest, even though I've used NAT myself and have implemented NAT for
> friends and clients, I would NEVER represent that a NAT'd address has the
> full connectivity to the Internet that a static address does.
True... neither does a well-firewalled LAN.
NAT has it's place, and we have many happy customers that are quite
pleased with their NAT'd connections; some simple, some fancy.
What irks me more than NAT are crappy protocols like FTP and H.323 that
make too many assumptions about how much of my machine I am willing to
expose in order to communicate using these protocols. I particularly
detest any software that is not content to let the far end figure out
the source address of a packet.
NAT and firewalls have a way of showing you how poorly designed these
protocols are.
Charles
