On Dec 6, 2010, at 8:37 AM, Adam Tauno Williams awilliam@whitemice.org wrote:
NO NO NO NO NO NO NO and NO! (*@!^&*@$ &@*^*&$@ &*@^*&@ How many times does this have to be explained??? NAT *IS* *NOT* a @*(&^*(^@(*@ security tool. It isn't. Stop saying it is. You use *firewalls* for security. Just block ingress traffic and you are just as well off as you are on NAT - and odds are in your NAT configuration you are doing that already. All you do is eliminate the hacks, performance penalty, and interoperability problems created by NAT. NAT is a *problem*, not a solution for anything other than a deficient network protocol.
There is no arguing that NAT is not a security tool, but if your firewall drops its pants, it's better to have non-routable addresses behind it.
-Ross