ietf

Re: myth of the great transition (was US Defense Department formally adopts IPv6)

2003-06-18 13:28:55
> What applications that people want to run--and the IT managers would
> want to enable--are actually inhibited by NAT? It seems to me that
> most of the applications inconvenienced by NAT are ones that IT
> managers would want to screen off anyway.

Not really.  For example, ftp as originally defined doesn't
work through NATs, and no standard VoIP or multimedia
conferencing protocol works through NAT.  

What I think is a huge problem that people tend to be pretty
hand-wavy about is that many of the mechanisms that are
introduced to help complex applications work through NATs
introduce new security exposures, whether it's the
"pseudo-NAT attack" described by Dupont and that we've run
into with STUN, or external relays allowing internal users
to run unauthorized servers, or stateful inspection/rewrite
forcing application users not to use encryption or integrity
protection, or ...  NAT has a surprisingly wide ripple
effect that's almost completely negative.

Melinda
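
Added illustration, not part of the original message: a Python sketch of why the RFC 959 `PORT` command breaks behind a NAT, and why a payload-rewriting helper on the NAT cannot coexist with integrity protection of the control channel. The addresses, ports, key, and function names are constructed for the example.

```python
import hashlib
import hmac
import ipaddress
import re

# RFC 959 active mode: the client puts its own IP and port in the payload.
PORT_RE = re.compile(rb"^PORT (\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\r\n$")

def parse_port(line):
    """Return (ip, port) carried inside a PORT command."""
    m = PORT_RE.match(line)
    if not m:
        raise ValueError("not a PORT command")
    n = [int(x) for x in m.groups()]
    if any(v > 255 for v in n):
        raise ValueError("field out of range")
    return ipaddress.IPv4Address(bytes(n[:4])), n[4] * 256 + n[5]

def build_port(ip, port):
    """Encode an endpoint as a PORT command line."""
    h = ",".join(str(b) for b in ip.packed)
    return f"PORT {h},{port >> 8},{port & 0xFF}\r\n".encode()

def alg_rewrite(line, inside_ip, public_ip, mapped_port):
    """Stateful rewrite on the NAT: swap the inside endpoint in the payload."""
    ip, _ = parse_port(line)
    if ip != inside_ip:
        return line
    return build_port(public_ip, mapped_port)

def tag(key, line):
    """End-to-end integrity tag over the command as the client sent it."""
    return hmac.new(key, line, hashlib.sha256).digest()

def demo():
    key = b"constructed-session-key"                   # constructed
    inside = ipaddress.IPv4Address("192.168.1.10")     # constructed inside host
    public = ipaddress.IPv4Address("203.0.113.5")      # constructed NAT address
    sent = build_port(inside, 50000)
    sent_tag = tag(key, sent)
    # Header-only NAT: server sees source `public`, but the payload still
    # names the inside address, so the data connection goes nowhere.
    mismatch = parse_port(sent)[0] != public
    # Payload rewrite fixes the address but changes the authenticated bytes.
    received = alg_rewrite(sent, inside, public, 61000)
    tag_ok = hmac.compare_digest(sent_tag, tag(key, received))
    return mismatch, parse_port(received), tag_ok
```

If the control channel were encrypted instead, the NAT could not parse the command at all, which is the other half of the same trade-off.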


