On Dec 6, 2010, at 8:37 AM, Adam Tauno Williams <awilliam at whitemice.org> wrote: > NO NO NO NO NO NO NO and NO! (*@!^&*@$ &@*^*&$@ &*@^*&@ How many > times does this have to be explained??? NAT *IS* *NOT* a @*(&^*(^@(*@ > security tool. It isn't. Stop saying it is. You use *firewalls* for > security. Just block ingress traffic and you are just as well off as > you are on NAT - and odds are in your NAT configure you are doing that > already. All you do is eliminate the hacks, performance penalty, and > interoperability problems created by NAT. NAT is a *problem*, not a > solution for anything other than a deficient network protocol. There is no arguing that NAT is not a security tool, but if your firewall drops it's pants it's better to have non-routable addresses behind it. -Ross