On Sun, Nov 1, 2009 at 4:36 PM, Noel Chiappa <[email protected]> wrote: > For _one_ example of a non-extra-space capability that NAT provides, two > words: provider independence. Others may have different causes to mention...
Noel, >From an architectural point of view, an address-overloaded NAT firewall is more secure than stateful-nontranslating and packet filtering firewalls because an error in the firewall is not capable of opening up the span of internal hosts to direct access from the external network. It's security is beat only by the application-layer proxy which is much much uglier. Regards, Bill Herrin -- William D. Herrin ................ [email protected] [email protected] 3005 Crane Dr. ...................... Web: <http://bill.herrin.us/> Falls Church, VA 22042-3004 _______________________________________________ rrg mailing list [email protected] http://www.irtf.org/mailman/listinfo/rrg
