Security gain from NAT
mattias at ahnberg.pp.se
Tue Jun 5 10:56:36 UTC 2007
Donald Stahl wrote:
> Keep it simple. NAT is a terrible terrible hack- and it's sad that it's
> become so accepted in the maintsream.
Probably mostly because it WORKS for people, it doesn't require you
to be a network specialist. Someone just purchases a NAT gateway to
connect to their ADSL/cable connection where they have one dynamic
IP allocated by their ISP.
They get automatic DHCP by the internal ports on the router and all
is set, they can connect many computers to the network. They don't
have to understand PAT, NAT or policies.
This is certainly part of the problem too, that users don't know a
lot about their underlying connectivity and why things work the way
it does; but that is another discussion.
To get rid of NAT and the advantages it has someone would've needed
to design stuff differently to begin with. Allocate larger blocks
of IPs to customers with more than one computer at home, or default
allocate more. Imagine the bureaucracy around that?
More information about the NANOG