Re: Microsoft urging users to buy Harware Firewalls

[Valdis.Kletnieks () vt edu]

On Wed, 13 Aug 2003 20:04:47 EDT, "Richard M. Smith" <rms () computerbytesman com>  said:

> Windows directory from being accessed from the Internet.  My only
> question is why aren't NAT routers built into all cable and DSL modems.

Because NAT is *not* a be-all and end-all.  NAT *does* break things.

You can't easily do IPSec through a NAT (meaning you need to do some tap-dancing
if you want to VPN from one).

NAT breaks a lot of end-to-end stuff - for instance, if you have a NAT, it's *REALLY*
hard to have 2 different machines running servers on the same port.

http://www.ietf.org/rfc/rfc3027.txt?number=3027 for all the gory details

Attachment: _bin
Description: