[rescue] Public IP addresses [Was: rescue Digest, Vol 226, Issue 38]
Mouse
mouse at Rodents-Montreal.ORG
Sat Oct 2 12:03:52 CDT 2021
> If you want to be flamed to a crisp and beyond, mention that NAT is
> the perfect solution to anyone who's dealt with multiple layers of
> NATting.

It _is_ the perfect solution - to a few problems.

A very few.

> I've only dealt with up to three layers but I know people who've
> dealt with situations with up to seven layers of NATting.

Good gods. I don't think I've ever had to deal with even three. I
_have_ dealt with two on occasion.

But, really, I see non-NATting stateful firewalls as being almost as
bad a thing as NAT. A stateful device that doesn't pass packets if it
loses state breaks the assumptions underlying IP networking; that it
doesn't break more than it does is a testament to the robustness of the
upper-layer protocols.

I just wish more people had stood firm on technical aspects and refused
to twist and bend protocols into pretzels to make them NAT-tolerant.
_My_ answer to "this breaks in the presence of NAT" is almost always
"don't do that, then", or, when I'm feeling more strident, something
like "it also breaks when passing through a router that isn't
8-bit-clean".

/~\ The ASCII Mouse
\ / Ribbon Campaign
X Against HTML mouse at rodents-montreal.org
/ \ Email! 7D C8 61 52 5D E7 2D 39 4E F1 31 3E E8 B3 27 4B