On Thursday, June 19, 2003, at 05:59 PM, J. Noel Chiappa wrote:
From: S Woodside <sbwoodside(_at_)yahoo(_dot_)com>
Does that mean that a NAT is a workable firewall but introduces
undesirable side effects? Is it (or could it be) possible to make an
equally workable firewall, at a low price, that doesn't introduce to
constrained policy capabilities?
oops, I meant to say:
Is it (or could it be) possible to make an equally workable {{{{{local
address isolation system}}}}}, at a low price, that doesn't introduce
the drawbacks of NAPT.
simon
This is an incredibly pointless and idiotic discussion.
If the Internet architecture provided i) plenty of addresses, ii)
locally
allocatable addresses, and iii) the ability change providers easily,
there
would be *no* NAT boxes - none, zero, nada, zip.
People who needed firewall capability would install a real firewall.
They'd
be just as cheap to make, simpler, have less side effects, etc, etc,
etc.
End of story.
Now, can we please stop talking about whether or not NAT boxes are
useful as
access control devices, please?
--
www.simonwoodside.com -- 99% Devil, 1% Angel