North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Where NAT disenfranchises the end-user ...

  • From: Jeff Mcadams
  • Date: Thu Sep 06 21:46:43 2001

Also sprach Roeland Meyer
>|> which of course *is* possible for at least one machine per visible
>|> IP address - even if additional IPs are masqed behind it.

>if you are doing one:one NAT then why do NAT at all?  if you are doing
>one:many then it won't work (broken).

Even with one:many NAT you can pretty much get the same effect.  You set
up a default private IP address behind the NAT that any
srcIP,dstIP,srcPort,dstPort combo that doesn't already have a mapping in
the NAT box goes to.

There's the possibilities of collisions here, but the chances are fairly

Now, before anyone calls me a NAT apologist...I'm anything but that.
There's no way on earth that I'd call this true Internet access, even
for the default machine behind the NAT.  Nor would I configure something
like this as an ISP, disclosed or not (just ask Cincinnati Bell what I
think of their Zoomtown Network setup and you'll find out how I feel
about NAT! ;), but I do see that there are places - few, but they're
there - for NAT.
Jeff McAdams                            Email: [email protected]
Head Network Administrator              Voice: (502) 966-3848
IgLou Internet Services                        (800) 436-4456