Thus said Michael Torrie on Sat, 10 Mar 2007 11:28:00 MST: > All of this can be achieved, as Hans has shown, without NAT. But in my > opinion, it's simpler, less error prone, and easier to secure with > NAT.
Hogwash. There is nothing inherently more secure, easier to secure or simpler about NAT (or PAT if you will) than using real IPs with a real firewall. Sure there are differences, but that doesn't mean that NAT is king in this area. I would much rather prefer a firewall with a deny all policy using real IPs than worry about NAT. Both methods block anything not explicitly allowed, but using real IPs offers a lot more flexibility in my opinion. Andy -- [-----------[system uptime]--------------------------------------------] 5:21pm up 4:14, 1 user, load average: 1.21, 1.11, 1.10 /* PLUG: http://plug.org, #utah on irc.freenode.net Unsubscribe: http://plug.org/mailman/options/plug Don't fear the penguin. */
