On 02/14/2011 10:45 AM, Justin Krejci wrote: > Explain how NAT does this? NAT simply mangles the IP headers. > A stateful firewall can protect you from port scans and other baddies > without NAT. > Yup, you should have that too. NAT just prevents a non-technical user from opening ports 53 and 22 to everyone by accident. User-functionality vs. security trade off again. > It is bad because it has broken protocols, applications, and end-to-end > communications and caused much grief and likely loss of functionality in > various applications because of it, unseen loss of functionality. > I maintain NAT is evil. And even "extending the life of IPv4" is > debatable as a plus for the overall picture. > NAT doesn't realistically extend it by more than a week on the small scale it's been rolled out, so I agree it's a non-issue. I do agree that not listing that you are receiving a NAT connection is pretty evil. The user should be aware if they want to be, and there should definitely be an option available for a non-NAT connection, but I do understand the desire to provide NAT by default (see above). P.S. The top posting is getting a little annoying. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 554 bytes Desc: OpenPGP digital signature URL: <http://mailman.mn-linux.org/pipermail/tclug-list/attachments/20110214/4af4ced1/attachment.pgp>