Where NAT disenfranchises the end-user ...
Jeff Mcadams
jeffm at iglou.com
Fri Sep 7 01:44:18 UTC 2001
Also sprach Roeland Meyer
>|> which of course *is* possible for at least one machine per visible
>|> IP address - even if additional IPs are masqed behind it.
>if you are doing one:one NAT then why do NAT at all? if you are doing
>one:many then it won't work (broken).
Even with one:many NAT you can pretty much get the same effect. You set
up a default private IP address behind the NAT that any
srcIP,dstIP,srcPort,dstPort combo that doesn't already have a mapping in
the NAT box goes to.
There's the possibilities of collisions here, but the chances are fairly
low.
Now, before anyone calls me a NAT apologist...I'm anything but that.
There's no way on earth that I'd call this true Internet access, even
for the default machine behind the NAT. Nor would I configure something
like this as an ISP, disclosed or not (just ask Cincinnati Bell what I
think of their Zoomtown Network setup and you'll find out how I feel
about NAT! ;), but I do see that there are places - few, but they're
there - for NAT.
--
Jeff McAdams Email: jeffm at iglou.com
Head Network Administrator Voice: (502) 966-3848
IgLou Internet Services (800) 436-4456
More information about the NANOG
mailing list