Explain how NAT does this? NAT simply mangles the IP headers. A stateful firewall can protect you from port scans and other baddies without NAT. It is bad because it has broken protocols, applications, and end-to-end communications and caused much grief and likely loss of functionality in various applications because of it, unseen loss of functionality. I maintain NAT is evil. And even "extending the life of IPv4" is debatable as a plus for the overall picture. -----Original Message----- From: Florin Iucha <florin at iucha.net> Reply-to: TCLUG Mailing List <tclug-list at mn-linux.org> To: TCLUG Mailing List <tclug-list at mn-linux.org> Subject: Re: [tclug-list] vpn solutions Date: Mon, 14 Feb 2011 10:36:07 -0600 Mailer: Mutt/1.5.18 (2008-05-17) On Mon, Feb 14, 2011 at 10:22:42AM -0600, Justin Krejci wrote: > Yep, this is why NAT is evil and bad in every way except for extending > the life of IPv4. It's not evil - it is more expensive for you and me. Auntie Em don't care one way or another. Au contraire, NAT might protect her from port scans and kiss of death packets (although indeed they have became rarer these days). Cheers, florin _______________________________________________ TCLUG Mailing List - Minneapolis/St. Paul, Minnesota tclug-list at mn-linux.org http://mailman.mn-linux.org/mailman/listinfo/tclug-list -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://mailman.mn-linux.org/pipermail/tclug-list/attachments/20110214/e2e68ea6/attachment-0001.html>