nanog mailing list archives
Re: Where NAT disenfranchises the end-user ...
From: bmanning () vacation karoshi com
Date: Fri, 7 Sep 2001 16:30:24 +0000 (UCT)
|> True... neither does a well-firewalled LAN. There is a substantial difference between broken access and controlled access.Yes, but there are plenty of apps that will not work if you do not leave open large, arbitrary ranges of udp ports. This is fundamentally incompatible with most sane firewalls. Or NAT. Why write a protocol that way? Just to prove NAT sucks? Charles
No, because they were either written before NAT existed and tried hard to conform to the end2end principles of Internet Architecture or they were written after NAT existed and tried hard to conform to the end2end principles of Internet Architecture. NAT violates the end2end principles of the Internet Architecture by placing one or more policy abstraction layer(s) between the endpoints. That said, NAT is a tool in the tool box. I'd like to think that its worth the effort to try and recover true end2end. --bill
Current thread:
- RE: Where NAT disenfranchises the end-user ..., (continued)
- RE: Where NAT disenfranchises the end-user ... Mike Batchelor (Sep 07)
- RE: Where NAT disenfranchises the end-user ... Brian Whalen (Sep 09)
- Re: Where NAT disenfranchises the end-user ... Christian Kuhtz (Sep 09)
- Re: Where NAT disenfranchises the end-user ... Josh Richards (Sep 06)
- Re: Where NAT disenfranchises the end-user ... Jeff Mcadams (Sep 06)
- Re: Where NAT disenfranchises the end-user ... David Howe (Sep 07)
- RE: Where NAT disenfranchises the end-user ... Charles Sprickman (Sep 07)
- Re: Where NAT disenfranchises the end-user ... bmanning (Sep 07)
- Re: Where NAT disenfranchises the end-user ... Jon Mansey (Sep 07)
- Re: Where NAT disenfranchises the end-user ... bmanning (Sep 07)
- Re: Where NAT disenfranchises the end-user ... Valdis . Kletnieks (Sep 07)
- Re: Where NAT disenfranchises the end-user ... Scott Francis (Sep 07)