Agreed NAT's do not create security although many customers believe they do. NAT's _are_ extremely useful in hiding network topologies from casual inspection.
What I usually recommend to those who need NAT is a stateful firewall in front of the NAT. The rationale being the NAT hides the topology and the stateful firewall provides the security boundary. Scott C. McGrath On Thu, 30 Oct 2003, Stephen Sprunk wrote: > > Thus spake <[EMAIL PROTECTED]> > > Now, I'm not claiming that every device capable of IPv4 NAT is currently > > able to function in this way, but there are no technical barriers to > prevent > > manufacturers from making IPv6 devices that function in this way. The > > IPv6 vendor marketing folks can even invent terms like NAT (Network > > Authority Technology) to describe this simple IPv6 firewall function, i.e. > > IPv6 NAT. > > Or you could simply call it what it is -- a firewall -- since that's what > most consumers think NAT is anyways. > > While I disagree with the general sentiment that NATs create security, the > standard usage of such devices is certainly that of a stateful firewall. > > S > > Stephen Sprunk "God does not play dice." --Albert Einstein > CCIE #3723 "God is an inveterate gambler, and He throws the > K5SSS dice at every possible opportunity." --Stephen Hawking >