Security gain from NAT (was: Re: Cool IPv6 Stuff)

Matthew Palmer mpalmer at
Mon Jun 4 23:51:08 UTC 2007

On Mon, Jun 04, 2007 at 03:31:00PM -0500, Larry Smith wrote:
> On Monday 04 June 2007 13:54, Valdis.Kletnieks at wrote:
> > On Mon, 04 Jun 2007 11:32:39 PDT, Jim Shankland said:
> > > *No* security gain?  No protection against port scans from Bucharest?
> > > No protection for a machine that is used in practice only on the
> > > local, office LAN?  Or to access a single, corporate Web site?
> >
> > Nope. Zip. Zero. Ziltch.  Nothing over and above what a good properly
> > configured stateful *non*-NAT firewall should be doing for you already.
> Cool, then I need four of these firewalls, and two Class-C (512) worth of IP 
> space that works behind my current ISP at no more than $39.95 each (my basic 
> price for a Dlink, Netgear, etc cable/dsl router with NAT) with no additional 
> cost to my monthly internet - and I will start switching over networks...
> Yes, I am joking, but the point being that _currently_ NAT serves a purpose; 

Yes, it does -- conservation of address space (and routing table entries,
possibly).  However, a quick glance at the subject line and the material you
quoted should suggest that we're talking about a different topic.

- Matt

I was punching a text message into my phone yesterday and thought, "they need
to make a phone that you can just talk into."
		-- Major Thomb

More information about the NANOG mailing list