> Melinda Shore <[EMAIL PROTECTED]> writes:
> > > What applications that people want to run--and the IT managers would
> > > want to enable--are actually inhibited by NAT? It seems to me that
> > > most of the applications inconvenienced by NAT are ones that IT
> > > managers would want to screen off anyway.
> >
> > Not really. For example, ftp as originally defined doesn't
> > work through NATs, and no standard VoIP or multimedia
> > conferencing protocol works through NAT.
> None of these things worked real well through firewalls either,
> which is sort of my point.
This certainly has not been my experience. All of my equipment is behind a
firewall, but I have two sets of IP address - a small set of carefully hoarded
global addresses and a much larger set of NATed addresses.
Whenever I add something (which it seems is often) I first try it with a NATted
address. If that doesn't work I am forced to switch it to a global address.
All too often (VoIP phone, video conferencing, file sharing, etc.) I am
forced to switch to a global address before things work properly.
The firewall, on the other hand, has only been a problem once, and that was
because of an unfortunate lack of flexibility in its handling of a fairly
unusual setup involving FTP. A patch readily solved the problem.
NAT being an issue hasn't escaped the notice of vendors. My VoIP phone's
documentation discussed NAT problems at some length, but the proposed
solution -- use a specific NAT product that has been gimmicked to work
correctly -- isn't always a viable option.
Ned
