[arin-ppml] Set aside round deux
kkargel at polartel.com
Tue Aug 3 14:18:17 EDT 2010
> -----Original Message-----
> From: arin-ppml-bounces at arin.net [mailto:arin-ppml-bounces at arin.net] On
> Behalf Of Owen DeLong
> Sent: Monday, August 02, 2010 1:44 AM
> To: Roger Marquis
> Cc: arin-ppml at arin.net
> Subject: Re: [arin-ppml] Set aside round deux
> The majority of network engineers, on the other hand, are unlikely
> to think that NAT is anything better than a necessary evil in IPv4
> at best and no longer necessary in IPv6.
I wanted to chime in here and support Owen. I am an active SysAdmin for an ISP and I completely agree with the designation of NAT/PAT as a necessary evil.
A simple stateful inspection firewall will provide at least as much security as NAT, be much simpler with less overhead, simplify troubleshooting and provide an easy method of reversal should rolls change or troubleshooting require.
NAT/PAT breaks many common consumer applications, requiring complex workarounds that consume much helpdesk time. NAT costs my organization time (s/time/money/g) every day when we have to deal with it. That time would be much reduced if we could simply add an 'allow' rule rather than going through the steps to properly configure PAT.
More information about the ARIN-PPML