Home page logo
/

nanog logo nanog mailing list archives

Re: Where NAT disenfranchises the end-user ...
From: Doug Clements <dsclements () linkline com>
Date: Thu, 06 Sep 2001 19:14:23 -0700


on 9/6/01 10:13 AM, Roeland Meyer at rmeyer () mhsc com wrote:
To be honest, even though I've used NAT myself and have implemented NAT for
friends and clients, I would NEVER represent that a NAT'd address has the
full connectivity to the Internet that a static address does. I've had many
people ask me why. I've even gotten some hate-mail from members of this
forum over this. The attached message is one instance-proof of where NAT is
deficient.

You are correct in that one:many NAT isn't a "full" internet connection, and
I agree that it shouldn't be represented as such.

A business that requires direct Internet access can't use NAT at the border.

Not true. While I expect you will take this as nitpicking, one:one NAT is
very conveniently used for servers while one:many NAT can be used for
generic workstation access while preserving a consistent LAN numbering
scheme. Anything that a "full" internet connection gets you will also work
with one:one NAT.

A business that delivers services to the internet can't use NAT, for their
application servers, at all.

This is laughable. You're telling me that we can't use our Alteons or
Arrowpoints that use NAT to provide (redundant and load balanced!) internet
services? I guess we should just go back to the One Big Web Server days, and
put all our MS SQL database servers out in "full" view of the internet. Now
there's any idea.

--Doug


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]