Keith Moore wrote:
network edge) but only without NAT.
When NAT breaks the ability of the endpoints to use the connection at
all, whether it's authorized or not, whether the flow can be validated
by a firewall is irrelevant.
If this statement were to hold water it would also have to apply to
statefulness:
When statefulness breaks the ability of the endpoints to use the
connection at all, whether it's authorized or not, whether the flow can
be validated by a firewall is irrelevant.
Are you disputing that? In other words, if NAT is bad because it breaks
protocols how is statefulness any different?
Can you give us an example? Is there a protocol in use in the real world
which ingress flows can be validated by a state-keeping firewall (at the
Also, your notion of the "real world" is one which is deliberately
broken via NAT, so of course nothing exists in your "real world" that
suits your criteria.
My notion of the real world is broken? Please do explain. Real world use is
just what it is, has nothing to do with any individual.
And thank you for admitting the truth, that NAT breaks nothing in real
world use.
Roger Marquis
_______________________________________________
nat66 mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/nat66
