Kenneth Burgener wrote:
> Out of curiosity why do you claim NAT is an evil scourge?

Because it breaks the idea of peer-to-peer connections and requires all kinds of hacks and workarounds to really get functionality.

> The only downside I could see for NAT is slightly more configuration for
> the network administrator (and possible port mapping exhaustion on a
> large network).
>
> The benefits of NAT all seem to be benefits:
> -Provides a basic firewall mechanism by its very nature

NAT is not a firewall and should not be considered to be such. NAT is simply network translation. That is all.

> -Reduce the number of needed public IP addresses

This is valid reasoning only because no one wants to move to IPv6 until absolutely forced to.

Private IP addresses are intended for use within a LAN only (i.e., an office), not anything bigger, like a university, or even a group of ISP subscribers. They are also intended to provide a way of doing direct, computer-to-computer networking (with a cross-over cable). Having widespread use of NAT breaks this quite badly.

For example, we have computers that control instruments. In many cases they are preconfigured to talk to the instrument over a cross-over cable, with the computer set to 10.0.0.1 and the instrument as 10.0.0.2 (and yes, /8 netmask, as per the RFCs). The problem is now that that subnet now clashes with one used by the computer to talk to the internet and other campus computers. Is the instrument maker wrong? No. They followed the RFCs. It was BYU's decision to use private IP addresses on the WAN that broke it.

> -Easy to setup by most home users, as it is now built into all DSL/Cable
> modem routers

IPv6 auto-configures devices for precisely this type of target group.

> I haven't found many articles for or against NAT, but I may be looking
> in the wrong place. One article I found said NAT is not so bad: "Why
> NAT Isn't As Bad As You Thought" [1].

I've read a lot in my day. I'll try to dig some up. Plus I'll let the more technically able people give better reasons than I can give.

> The one claim I have found is it breaks the direct peer to peer
> connection. I think to geeks and corporations this may be a concern,
> but to the average home owner I think not having joe hacker have direct
> access to my grandmother's computer outweighs this concern.

Tell that to the person who wants to use Skype to video-chat with his mother. You better believe it affects even clueless end users.

> What are your concerns?

I

> Kenneth
>
> [1] http://www.circleid.com/posts/why_nat_isnt_as_bad_as_you_thought/

/*
PLUG: http://plug.org, #utah on irc.freenode.net
Unsubscribe: http://plug.org/mailman/options/plug
Don't fear the penguin.
*/
