John Andersen wrote:
> Why use a bridge?
> Vmware-Nat is easier, and more versatile in that you can
> run your vmware-nat on wireless or wired host network (whereas some
> wireless cards can't be bridged). Nat is also somewhat more secure
> because you do not expose the virtual machine directly to the
> network.

<soapbox mode>

NAT is also fundamentally broken in ANY implementation, it is BAD, to be avoided whenever you have enough public IPs to avoid it. It's an evil kludge invented to avoid having to fix the real problem (lack of addresses), and a second effect of its invention has been to delay implementation of the proper fix because too many people think it IS the fix.

Along with NAT you need Application Level Gateways (ALGs) for the many protocols it breaks (including FTP and SIP), and for SIP it's far from trivial to build an ALG - in fact it's impractical to build a universal ALG that will work in all possible situations because it requires an intimate knowledge of how the network appears to the client, which may not be the same as how it appears to the gateway.

The security is useful, but no more than you can get with any half-decent firewall.

And of course, with NAT, you can only forward a port on a public address to one client internally, so if you have a few services you want to make public you end up having to kludge things further - like using non-standard ports.

I think by now you'll have got the idea that I think there is nothing positive about NAT beyond its ability to build broken networks that avoid people having to address the problem properly, and I certainly would not advocate its use where it can be avoided.

</soapbox mode>

Here endeth my standard rant to those who say "just use NAT"!

_______________________________________________
Shorewall-users mailing list
https://lists.sourceforge.net/lists/listinfo/shorewall-users
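
Added example, not part of the original post: a toy FTP ALG in Python showing why header-only NAT breaks active-mode FTP (the PORT command carries the client's private address inside the payload) and what a gateway has to rewrite and track to compensate. The class and function names, addresses and port pool are constructed for illustration.

```python
import re

# Active-mode FTP: the client sends "PORT h1,h2,h3,h4,p1,p2" on the control
# channel, telling the server which address/port to connect back to.
PORT_RE = re.compile(r"PORT (\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\r\n")

def parse_port(line):
    """Return (ip, port) from a PORT command, or None if it is not a valid one."""
    m = PORT_RE.fullmatch(line)
    if not m:
        return None
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        return None
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]

def build_port(ip, port):
    """Encode (ip, port) back into PORT command syntax."""
    return "PORT {},{},{}\r\n".format(ip.replace(".", ","), port // 256, port % 256)

class FtpAlg:
    """Hypothetical ALG: rewrites PORT payloads and records data-channel mappings."""

    def __init__(self, public_ip, first_port=50000):
        self.public_ip = public_ip
        self.next_port = first_port
        self.mappings = {}  # public port -> (private ip, private port)

    def rewrite(self, line):
        """Return (line to forward, change in payload length)."""
        parsed = parse_port(line)
        if parsed is None:
            return line, 0  # not a PORT command: forward unchanged
        public_port = self.next_port
        self.next_port += 1
        # The gateway must remember this so the server's inbound data
        # connection can be forwarded to the right internal client.
        self.mappings[public_port] = parsed
        new_line = build_port(self.public_ip, public_port)
        # The payload length changed, so a real ALG must also adjust
        # TCP sequence/acknowledgement numbers for the rest of the session.
        return new_line, len(new_line) - len(line)

if __name__ == "__main__":
    alg = FtpAlg("203.0.113.10")             # constructed public address
    client_cmd = "PORT 10,0,0,5,19,137\r\n"  # constructed client command
    print("server would dial without ALG:", parse_port(client_cmd))
    print("after ALG rewrite:", alg.rewrite(client_cmd), alg.mappings)
```
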
