- From: Dave Crocker <dcrocker@brandenburg.com>
- Date: Thu, 5 Dec 2002 14:51:53 -0800
- To: Graham Klyne <GK@Ninebynine.org>
- CC: Tony Hansen <tony@att.com>, discuss@apps.ietf.org
Graham, Monday, December 2, 2002, 9:54:54 AM, you wrote: Graham> More generally, NATted systems only really "work" when they make only Graham> outgoing connections. (Yes, you can define a "pass-through", but that's a Graham> horrible hack, and only lets you have one receiving endpoint.) I'm not fond of the problems that NATs incur, but I think that we are tending to argue "purity" from a false premise. As others have noted, NATs do more than deal with an address space problem. They permit a degree of plug-and-play that has otherwise not been possible. Note that a NAT can be a DHCP client as well as provider, thereby making the entire customer site plug and play. But to comment on the Subject line of this note: A host consumes a single address and provides access to a collection of processes. Clients and servers. A NAT does the same thing. In terms of "inconvenience" such as for providing servers, the problem with NATs is administering address/port assignments, rather than there being a core problem with the idea of a NAT. Graham> Where this all leads, I think, is that the worst thing about NAT is that it Graham> hinders the deployment of new applications. How is this different from having "protected" ports below 1000 on Unix? d/ -- Dave Crocker <mailto:dcrocker@brandenburg.com> TribalWise <http://www.tribalwise.com> t +1.408.246.8253; f +1.408.850.1850
Received on Thursday, 5 December 2002 18:08:31 UTC