> >How do you mean that the NAT does not filter flow?
>
> no NAT is used for it), then the NAT should not do anything about it, even
> if it does not correspond to a NAT session.
Ok, so you are saying that a NAT does not filter the flow of traffic over
non-NAT interfaces. This seems obvious, but true nonetheless.
> >All the IP masquerading code does is a _modern_ version of NAT.
> well, then it's a terminology debate. Then I invite you to read RFC 2663.
I agree that there are too many names for NAT. IP Masquerading is yet
another one. I was not "naming" this way of doing NAT "modern NAT" but
saying that it was "a modern NAT" which could have been better phrased
"a modern NAT implementation."
> then you'll see that it's not really new. I think it was already known in
> 1998 (if not before).
NAT in static forms existed long before that (long is relative in Internet
time, of course).
> ("Protocol Complications with the IP Network Address Translator")
> for a list of problems/complications/... and the "NAT handbook" (this is
> a printed book) explains why you should not use NAT if you don't really
> need it!
OTOH, the current recommendations from ARIN (and a handful of RFCs)
are that sites should use NAT instead of registering large numbers of
routable addresses for internal use because of a lack of addresses in IPv4
space.
--
Michael T. Babcock
CTO, FibreSpeed