At 3:04 -0500 11/30/99, [EMAIL PROTECTED] wrote:
>On Mon, 29 Nov 1999 22:45:17 PST, Ian King said:
>> any "lack" because of it.  I don't play UDP-based games or employ any of the
>> other relatively new protocols that are so sensitive to end-to-end-ness
>> (should they be? was that a valid assumption?), so a NAT is a great solution
>
>Well.. Urm... TCP and UDP both assume that one endpoint is talking
>directly in real time to another endpoint.  The NAT problems only
>start when the protocol carries IP address/port information (such
>as the FTP 'PORT' command), and the NAT isn't aware of that protocol's
>translation requirements (If you see *this* at offset 80 of *that*
>packet, smash it to read *foobar* instead).

I would tend to agree.  As I have said elsewhere, NATs in and of themselves
do nothing wrong.  They are doing things within the Internet/Network Layer
that are perfectly legal.  (In essence, they are treating the network
address in much the same way that X.25, ATM, and MPLS treat their
addresses.)  The problem is that applications lacking an "application
address space" are using the Network address space inappropriately.  In a
sense, we are making the same mistake the phone companies made when they
kludged their route-dependent address space to be location-independent
(first 800 numbers and then mobile).  They have since fixed their problem.
>
>I'll grant FTP an exemption, it came well before NAT units became
>prevalent (Was there an FTP-over-NCP before The Great IP Deployment?).

Actually, there was and the PORT command existed as a kludge.  The
preferred approach for the data connection was intended to be a fixed
offset from the telnet connection.  The PORT command, then called SOCK, was
inserted because BBN TIPs hardwired printers and such to certain sockets.
Not exactly an example I would recommend following.  The PORT command
should have been retired decades ago.

>However, I do agree that anybody designing a protocol in the last 3-4
>years *should* have designed it to be firewall and NAT friendly.
>(Yes, I know that can be difficult in practice.  I guess that's today's
>"Welcome to Reality").

Applications which need to communicate addressing information for their own
use should only use an application address space.  Now, the fact that we
don't have one is a bit of a problem!  ;-)  It would have been nice to have
one before we got this far.  How we get out of this mess at this point is
anyone's guess.

Take care,
john
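As an added illustration of the PORT-command case discussed in this thread (example code written for this page, not from any of the posters): it parses an FTP PORT command, and shows what a NAT that understands the protocol does with an embedded inside address, versus the "leak" of an unroutable private address when the NAT is not protocol-aware or has no mapping. The NAT table, addresses and ports are constructed for the example.

```python
import re

# Constructed NAT mapping for this example:
# (inside address, inside port) -> (outside address, outside port)
NAT_TABLE = {("10.0.0.5", 1025): ("203.0.113.7", 40001)}

# RFC 1918 private ranges, checked explicitly (first-octet / second-octet tests).
def is_rfc1918(ip):
    a, b = (int(x) for x in ip.split(".")[:2])
    return a == 10 or (a == 172 and 16 <= b <= 31) or (a == 192 and b == 168)

# RFC 959 form: PORT h1,h2,h3,h4,p1,p2 (address octets, then port high/low byte)
PORT_RE = re.compile(r"^PORT (\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\r?\n?$")

def parse_port(line):
    """Decode a PORT command into (ip, port); None if it is not well formed."""
    m = PORT_RE.match(line)
    if not m:
        return None
    octets = [int(x) for x in m.groups()]
    if any(o > 255 for o in octets):
        return None
    ip = ".".join(str(o) for o in octets[:4])
    port = octets[4] * 256 + octets[5]
    return ip, port

def format_port(ip, port):
    """Encode (ip, port) back into the h1,h2,h3,h4,p1,p2 wire form."""
    return "PORT %s,%d,%d\r\n" % (ip.replace(".", ","), port // 256, port % 256)

def alg_rewrite(line, nat_table):
    """Model of a protocol-aware NAT handling an outbound PORT command.

    Returns (line_to_forward, status) where status is:
      'unchanged' - not a PORT command, or the embedded address is not private
      'rewritten' - inside address/port replaced by its outside mapping
      'leak'      - private address with no mapping; the remote peer would
                    receive an address it cannot reach (the non-aware NAT case)
    """
    parsed = parse_port(line)
    if parsed is None:
        return line, "unchanged"
    ip, port = parsed
    if not is_rfc1918(ip):
        return line, "unchanged"
    mapped = nat_table.get((ip, port))
    if mapped is None:
        return line, "leak"
    return format_port(*mapped), "rewritten"
```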
