> From: S Woodside <sbwoodside(_at_)yahoo(_dot_)com>
> Does that mean that a NAT is a workable firewall but introduces
> undesirable side effects? Is it (or could it be) possible to make an
> equally workable firewall, at a low price, that doesn't introduce to
> constrained policy capabilities?
This is an incredibly pointless and idiotic discussion.
If the Internet architecture provided i) plenty of addresses, ii) locally
allocatable addresses, and iii) the ability change providers easily, there
would be *no* NAT boxes - none, zero, nada, zip.
People who needed firewall capability would install a real firewall. They'd
be just as cheap to make, simpler, have less side effects, etc, etc, etc.
End of story.
Now, can we please stop talking about whether or not NAT boxes are useful as
access control devices, please?
Noel