NAT evil scourge?

Michael L Torrie torriem at chem.byu.edu
Tue Oct 16 15:19:58 MDT 2007


Kenneth Burgener wrote:
> Out of curiosity why do you claim NAT is an evil scourge?

Because it breaks the idea of peer-to-peer connections and requires all
kinds of hacks and workarounds to really get functionality.

> 
> The only downside I could see for NAT is slightly more configuration for
> the network administrator (and possible port mapping exhaustion on a
> large network).
> 
> The benefits of NAT all seem to be benefits:
> -Provides a basic firewall mechanism by its very nature

NAT is not a firewall and should not be considered to be such.  NAT is
simply network translation.  That is all.

> -Reduce the number of needed public IP addresses

This is valid reasoning only because no one wants to move to IPv6 until
absolutely forced to.  Private IP addresses are intended for use within
a LAN only (i.e. an office), not anything bigger, like a university, or
even a group of ISP subscribers.  They are also intended to provide a
way of doing direct, computer-to-computer networking (with a cross-over
cable).  Having widespread use of NAT breaks this quite badly.  For
example, we have computers that control instruments.  In many cases they
are preconfigured to talk to the instrument over a cross-over cable,
with the computer set to 10.0.0.1 and the instrument as 10.0.0.2 (and
yes, /8 netmask, as per the RFCs).  The problem is now that that subnet
now clashes with one used by the computer to talk to the internet and
other campus computers.  Is the instrument maker wrong?  No.  They
followed the RFCs. It was BYU's decision to use private IP addresses on
the WAN that broke it.

> -Easy to set up by most home users, as it is now built into all DSL/Cable
>  modem routers

IPv6 auto-configures devices for precisely this type of target group.

> 
> I haven't found many articles for or against NAT, but I may be looking
> in the wrong place.  One article I found said NAT is not so bad: "Why
> NAT Isn’t As Bad As You Thought" [1].

I've read a lot in my day.  I'll try to dig some up.  Plus I'll let the
more technically able people give better reasons than I can give.

> 
> The one claim I have found is it breaks the direct peer to peer
> connection.  I think to geeks and corporations this may be a concern,
> but to the average home owner I think not having joe hacker have direct
> access to my grandmother's computer outweighs this concern.

Tell that to the person who wants to use Skype to video-chat with his
mother.  You better believe it affects even clueless end users.


> 
> What are your concerns?

I

> 
> Kenneth
> 
> [1]http://www.circleid.com/posts/why_nat_isnt_as_bad_as_you_thought/
> 
> 
> 
> 
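
The 10.0.0.0/8 clash described in the reply above, as an added example that is not part of the original post: a longest-prefix-match lookup over a constructed routing table shows which destinations leave through the crossover link instead of the campus uplink. Only the 10.0.0.1/10.0.0.2 pair with a /8 netmask comes from the post; the campus prefix, the interface names and the test destinations are assumptions.

```python
import ipaddress

# Constructed routing table for the instrument PC described in the post.
# Only 10.0.0.1/8 on the crossover link comes from the post; the campus
# prefix and the interface names are assumptions for illustration.
ROUTES = [
    ("0.0.0.0/0",    "eth0", "default via campus gateway"),
    ("10.25.0.0/16", "eth0", "campus LAN (assumed host 10.25.3.7/16)"),
    ("10.0.0.0/8",   "eth1", "crossover link to instrument (10.0.0.1/8)"),
]

def parse(routes):
    """Turn (prefix, device, note) strings into ip_network tuples."""
    return [(ipaddress.ip_network(p), dev, note) for p, dev, note in routes]

def lookup(routes, dst):
    """Longest-prefix match: the most specific route containing dst wins."""
    addr = ipaddress.ip_address(dst)
    matches = [r for r in parse(routes) if addr in r[0]]
    return max(matches, key=lambda r: r[0].prefixlen)

def egress(routes, dst):
    """Interface a packet to dst would leave on."""
    return lookup(routes, dst)[1]

def overlaps(routes):
    """Non-default prefixes on different interfaces that overlap."""
    nets = [r for r in parse(routes) if r[0].prefixlen > 0]
    return [(a[0], a[1], b[0], b[1])
            for i, a in enumerate(nets) for b in nets[i + 1:]
            if a[1] != b[1] and a[0].overlaps(b[0])]

if __name__ == "__main__":
    for a_net, a_dev, b_net, b_dev in overlaps(ROUTES):
        print(f"overlap: {a_net} on {a_dev} vs {b_net} on {b_dev}")
    # 10.8.51.9 stands in for a campus host outside the local /16.
    for dst in ("10.0.0.2", "10.25.3.1", "10.8.51.9", "192.0.2.10"):
        print(f"{dst:>12} -> {egress(ROUTES, dst)}")
```

Hosts in the local /16 and Internet destinations still use eth0, but any other campus address in 10.0.0.0/8 matches the instrument route before the default route and is sent down the crossover cable.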