Einar Stefferud wrote:
[..]
> had my own home system and discovered that I had no interest in being
> totally visible and accessible at all times, especially when I was
> not always around to monitor things.
>
> So, now I am very happy behind my little XRouter NAT box, with an ISP
> service out there where I can have a login shell if I wish.
NAT doesn't primarily provide security, a firewall does. A firewall
doesn't have to do NAT. If you dont mind the number of IP addresses
you get from your ISP, install a smart firewall and ditch the NAT
box (or twiddle some config options in your Xrouter... whatever)
[..]
> But, I also note that I choose this because it is good for me
> locally, not because I cannot get an IP number for some reason.
You need a firewall. This isn't immediately relevant to a discussion
about the architectural implications of, or reasons for, NAT.
> So, much of this argument appears to be based on the simple fact that
> IP numbers are scare, and so some companies have chosen to go along
> with NATS when they have no other reason than the shortage of
> available IP numbers.
>
> If so, then that is the problem to solve and leave those of us who
> want NATS alone in our happiness;-)... Even with IPV6, I would stay
> the way I am.
With IPv6 I would hope you'd still want a firewall on your home
connection. But that's not NAT.
cheers,
gja
________________________________________________________________________
Grenville Armitage http://members.home.net/garmitage/
Bell Labs Research Silicon Valley
