Must disagree.  
1.  Many people use NAT to hide their internal network structure and
make it that much more difficult for crackers.  Security through
obscurity is NOT a perfect solution, but a little of it helps,
especially when it's easy.  Also, ever tried to send a packet with an
address in the 192.168 range over the internet?  They die rather
quickly.
2.  Why should I want to fight with the IANA to get 200 addresses, when
all I need is the 16 that my ISP will happily subnet off for me? 
3.  While NAT based on service may be a bit much to demand as an entry
level firewall feature, many-to-one and many-to-many NAT are very
reasonable demands.  

=========================
Paul H. Gracy
[EMAIL PROTECTED]
phone: 404 705 2873
#include <std.disclaimer>
=========================


> -----Original Message-----
> From: Paul Krumviede [SMTP:[EMAIL PROTECTED]]
> Sent: Thursday, January 14, 1999 12:12 AM
> To:   [EMAIL PROTECTED]
> Subject:      Re: OS Platform for firewall  (...the answer is..)
> 
> Curtice Hardy wrote:
> > 
> > Well, that would depend....  I would say that it should support the
> > following(Out of the box, without any addons....
> > 
> > 1. Advanced NAT (One to one, One to many, And in today's world even NAT
> >         based on service) Also, it Shouldn't be a problem to forward
> >         services to inside NON-Windows(Read Unix servers).
> 
> As far as I'm concerned, NAT is an evil idea, and I'd avoid systems
> that do it. If I really want to use it, I'll turn it on. I accept
> that others may think differently, but any discussion of core
> functionality should not add extras (and note that many people
> want or use NAT to either avoid arguing with ARIN or RIPE or
> APNIC about how many addresses they need or because they don't
> want to renumber).
> 
> -paul
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]