On Oct 31, 2010, at 12:47 PM, Roger Marquis wrote: >> suspect the astroturf agenda, particularly given how NAT-detractors: >> A) have yet to provide a detailed rebuttal to the many uses of NAT > > One way NAT-detractors could back-up their claims of "harm" would be to > answer Chris Engel's request for an example of where NAT would break > something that statefulness would not.
A stateful firewall can (at least in principle) be configured to enforce finer-grained policy than a NAT. > SIP, SCTP and P2P are examples of where statefulness is both required for > security and where the same statefulness permits such applications and > protocols to work seamlessly with NAT. Any pro-NAT arguments that try to cite specific protocols that happen to work with NAT, or expect their opponents to enumerate applications that don't work with NAT, are inherently irrelevant, and not worth responding to. The purpose of the Internet is not to support only a few specific protocols that you might have happened to have heard of today, or that might happen to work through NAT. Keith _______________________________________________ nat66 mailing list [email protected] https://www.ietf.org/mailman/listinfo/nat66
