Home page logo
/

nanog logo nanog mailing list archives

Re: Where NAT disenfranchises the end-user ...
From: Jeff Mcadams <jeffm () iglou com>
Date: Thu, 6 Sep 2001 21:44:18 -0400


Also sprach Roeland Meyer
|> which of course *is* possible for at least one machine per visible
|> IP address - even if additional IPs are masqed behind it.

if you are doing one:one NAT then why do NAT at all?  if you are doing
one:many then it won't work (broken).

Even with one:many NAT you can pretty much get the same effect.  You set
up a default private IP address behind the NAT that any
srcIP,dstIP,srcPort,dstPort combo that doesn't already have a mapping in
the NAT box goes to.

There's the possibilities of collisions here, but the chances are fairly
low.

Now, before anyone calls me a NAT apologist...I'm anything but that.
There's no way on earth that I'd call this true Internet access, even
for the default machine behind the NAT.  Nor would I configure something
like this as an ISP, disclosed or not (just ask Cincinnati Bell what I
think of their Zoomtown Network setup and you'll find out how I feel
about NAT! ;), but I do see that there are places - few, but they're
there - for NAT.
-- 
Jeff McAdams                            Email: jeffm () iglou com
Head Network Administrator              Voice: (502) 966-3848
IgLou Internet Services                        (800) 436-4456


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]