Stewart Stremler wrote: > The big complain people tend to throw around with NAT is "it breaks > the inherent end-to-end connectivity of the Internet", which is exactly > what a default-deny setup on a firewall will do.
But with a default-deny firewall setup I can easily allow the things I want to allow and preserve the end to end connectivity in places where it is desireable. With NAT I cannot. I have to deal with the port renumbering and ip changing and other nasty things that NAT does. > We've been down this road before. And, frankly, I don't give a damn > if the new gee-whiz P2P application of the month wants to open up > random server sockets so that all of its bretheren can talk to it. I > get to set network policy on my own little piece of the network, just > because it's _my_ network, no $random_developer's. I don't so much care about the latest P2P app but VOIP is a very useful thing which NAT is really hindering. -- Tracy R Reed http://copilotconsulting.com 1-877-MY-COPILOT -- [email protected] http://www.kernel-panic.org/cgi-bin/mailman/listinfo/kplug-list
