Melinda Shore <mshore(_at_)cisco(_dot_)com> writes:

What applications that people want to run--and the IT managers would
want to enable--are actually inhibited by NAT? It seems to me that
most of the applications inconvenienced by NAT are ones that IT
managers would want to screen off anyway.

Not really. For example, ftp as originally defined doesn't
work through NATs, and no standard VoIP or multimedia
conferencing protocol works through NAT.

None of these things worked real well through firewalls either,
which is sort of my point.

This certainly has not been my experience. All of my equipment is behind a
firewall, but I have two sets of IP addresses - a small set of carefully hoarded
global addresses and a much larger set of NATed addresses.

Whenever I add something (which it seems is often) I first try it with a NATted
address. If that doesn't work I am forced to switch it to a global address.
All too often (VoIP phone, video conferencing, file sharing, etc.) I am
forced to switch to a global address before things work properly.

The firewall, on the other hand, has only been a problem once, and that was
because of an unfortunate lack of flexibility in its handling of a fairly
unusual setup involving FTP. A patch readily solved the problem.

NAT being an issue hasn't escaped the notice of vendors. My VoIP phone's
documentation discussed NAT problems at some length, but the proposed
solution -- use a specific NAT product that has been gimmicked to work
correctly -- isn't always a viable option.

Ned