Christian Huitema wrote:
Saying that "stateful NAT enables SIP" is only right in some Orwellian twist of the word "enables."
Are you saying the problem here is not that the SIP protocol embeds network layer information in the data portion as a (ineffective) security check? Or are you saying that any protocol, no matter how badly written, should be allowed through firewalls with a minimum of checks?
As for P2P, I don't know what you refer to. P2P protocols based on TCP-IP mostly don't work through NAT, although they can be made to work through some NAT if one deploys TCP > IPv6 > Teredo -- another of those "interesting" engineering efforts designed to alleviate the effects of NAT. Saying that P2P works seamlessly with NAT smells of Alice in Wonderland...
Apparently you haven't work with Juniper's ScreenOS. Roger Marquis _______________________________________________ nat66 mailing list [email protected] https://www.ietf.org/mailman/listinfo/nat66
