> > of unadministered, always-on boxes that aren't supposed to be running > > inbound services in unrouted space would save all of us headaches. > > That's almost a better justification for NAT than address-space conservation. ;)
Almost? I'd say it's hands down an EXCELLENT reason. In some configs though, the NAT'd people can still see each other and cause problems, but it still cuts down the exposure.