On Thursday, June 19, 2003, at 05:59 PM, J. Noel Chiappa wrote:
From: S Woodside <[EMAIL PROTECTED]>
Does that mean that a NAT is a workable firewall but introduces undesirable side effects? Is it (or could it be) possible to make an equally workable firewall, at a low price, that doesn't introduce to constrained policy capabilities?
oops, I meant to say:
Is it (or could it be) possible to make an equally workable {{{{{local address isolation system}}}}}, at a low price, that doesn't introduce the drawbacks of NAPT.
simon
This is an incredibly pointless and idiotic discussion.
If the Internet architecture provided i) plenty of addresses, ii) locally
allocatable addresses, and iii) the ability change providers easily, there
would be *no* NAT boxes - none, zero, nada, zip.
People who needed firewall capability would install a real firewall. They'd
be just as cheap to make, simpler, have less side effects, etc, etc, etc.
End of story.
Now, can we please stop talking about whether or not NAT boxes are useful as
access control devices, please?
-- www.simonwoodside.com -- 99% Devil, 1% Angel
