[41461] in North American Network Operators' Group
Re: Where NAT disenfranchises the end-user ...
daemon@ATHENA.MIT.EDU (Eric A. Hall)
Mon Sep 10 14:06:10 2001
Message-ID: <002801c13a23$2e3e5d70$0a0aa8c0@labs.ntrg.com>
From: "Eric A. Hall" <ehall@ehsco.com>
To: "Scott Gifford" <sgifford@tir.com>
Cc: "NANOG (E-mail)" <nanog@merit.edu>
Date: Mon, 10 Sep 2001 13:05:30 -0500
> From: "Scott Gifford" <sgifford@tir.com>
> I've actually seen the question of how NAT breaks the Internet more
> than a good stateful firewall come up more than once, and haven't
> really seen a satisfactory answer. Where does a stateful firewall
> configured to only allow outgoing connections work that NAT doesn't?
Anywhere the IP address is a part of the protocol, and a proxy for that
protocol does not exist. Peer election protocols, replication protocols, etc.
--
Eric A. Hall http://www.ehsco.com/
Internet Core Protocols http://www.oreilly.com/catalog/coreprot/
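
The failure described in the reply above, as an added example that is not part of the original message. FTP's PORT command (RFC 959) stands in as a familiar protocol that carries an IP address in its payload; the message itself does not name FTP, and the `Packet` model, function names and all addresses are constructed for illustration.

```python
import ipaddress
import re
from dataclasses import dataclass, replace

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
PORT_RE = re.compile(rb"PORT (\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\r\n")

@dataclass(frozen=True)
class Packet:
    src: str        # IP header source, visible to every middlebox
    dst: str
    payload: bytes  # application data; opaque unless the middlebox has a proxy for it

def parse_port(payload):
    """Extract the (address, port) an FTP client advertises in a PORT command."""
    m = PORT_RE.fullmatch(payload)
    if not m:
        raise ValueError("not a PORT command")
    n = [int(g) for g in m.groups()]
    if max(n) > 255:
        raise ValueError("field out of range")
    return ".".join(map(str, n[:4])), n[4] * 256 + n[5]

def stateful_firewall(pkt):
    """Outgoing-only filter, modelled only by its effect on the packet: none."""
    return pkt

def nat(pkt, public_ip, proxy):
    """Rewrite the header source; rewrite the payload only if a protocol proxy exists."""
    out = replace(pkt, src=public_ip)
    if proxy:
        _, port = parse_port(pkt.payload)
        fields = public_ip.split(".") + [str(port >> 8), str(port & 0xFF)]
        out = replace(out, payload=b"PORT " + ",".join(fields).encode() + b"\r\n")
    return out

def classify(pkt):
    """Receiver-side check: compare the advertised address with the observed source."""
    ip, _ = parse_port(pkt.payload)
    if ip == pkt.src:
        return "consistent"
    private = any(ipaddress.ip_address(ip) in net for net in RFC1918)
    return "unreachable-private" if private else "mismatch"

def demo():
    # Constructed sample: the same command from a directly addressed and a NATed host.
    direct = Packet("198.51.100.10", "192.0.2.21", b"PORT 198,51,100,10,19,137\r\n")
    inside = Packet("192.168.0.10", "192.0.2.21", b"PORT 192,168,0,10,19,137\r\n")
    return {"firewall": classify(stateful_firewall(direct)),
            "nat": classify(nat(inside, "203.0.113.5", proxy=False)),
            "nat+proxy": classify(nat(inside, "203.0.113.5", proxy=True))}
```

The same comparison of advertised address against observed source is how a receiver can tell that a peer sits behind a NAT with no proxy for the protocol in use.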