My question for the list is is there a web page or
other document anywhere that comprehensively states
the case against NAT?
If your new administrator is of the type who fixes things that aren't
broken, it may be the admininistrator that needs replacement, not the
As you point out, you aren't short on address space (the primary reason
for NAT). Security is not a problem for NAT, since any good netadmin is
going to know how to block and route traffic with routers, firewalls,
proxies, etc., to avoid problems. Too bad if it is time-consuming ...
that's what he is being paid for, so he can't complain.
Admininstrative convenience is not a reason, either. If admininstration
were that convenient, his position would be redundant. In any case,
restructuring an entire network so that one can spend more time playing
Doom in one's cube is a very poor justification for the operation.
NAT has obvious disadvantages. The Internet is not designed to address
multiple machines with one IP address, and lots of things will break
when NAT is in place. Incoming machine-specific traffic is the major
problem. Chat and instant messaging services will fail, and there is no
way to get them to work with NAT. Streaming services may fail as well.
NAT can compromise point-to-point security. Overall it's a clever but
nasty kludge that I cannot see implementing if it isn't required. It
works for SOHO configurations with just one public IP address and the
like, but it seems like a very poor idea for any organization that
doesn't have an address shortage.