On Thu, 2007-03-08 at 23:32 -0700, Michael Torrie wrote:
> On Thu, 2007-03-08 at 22:06 -0700, Hans Fugal wrote:
> > Absolutely not. NAT is out of the question. NAT always causes more
> > problems than it solves, even in enterprise. In enterprise, you have
> > full-time sysadmins to go around chasing NAT issues and keeping a
> > semblance of normalcy. I know, I used to be one. I will set my network
> > up and just let it run. I will not be a slave to NAT.
>
> I disagree. Static one-to-one NAT (think of it as a layer 3 bridge) is
> clean and effective. You do just set it up once and let it run. No
> one's a slave to anything. Once you introduce dynamic NATing, then,
> yes, you will likely have problems. I have never had to chase down NAT
> problems. It just works. What problems have you observed?

Yes, NAT is definitely better than PAT, but I'm still not sold. I'd be interested in your opinion of why that's any better than using normal IP addresses with a good set of firewall policies. The only decent one I can think of is saving IP addresses, but I like to ignore that one in the vain hope that someday IP addresses will be doled out in large quantities.

Corey

/*
PLUG: http://plug.org, #utah on irc.freenode.net
Unsubscribe: http://plug.org/mailman/options/plug
Don't fear the penguin.
*/
