[Techtalk] Good firewall configuration tool for debian
Carla Schroder
carla at bratgrrl.com
Fri Apr 9 16:14:27 EST 2004
On Friday 09 April 2004 1:29 pm, Mary wrote:
> I will rephrase Carla's statement
> as "NAT is necessary." It's necessary for all those poor unfortunates
> who live in countries or work in institutions that didn't realise how
> horrible NAT is in time to grab themselves a huge proportion of
> available IPv4 addresses. That is, pretty much everyone outside the US
> and a lot of people in it.
I still don't understand what is horrible about NAT? As Meredydd and others
said, there are many circumstances where you don't want to be a "peer." I
think it's a great tool, and if I had unlimited routable IPs to play with, I
would still use NAT.
For example, and this is pretty typical, I have one small company that runs
Postfix and Apache servers. These co-exist on one physical box in a DMZ. Then
there are 30+ workstations behind a nice NAT firewall, that need only
Internet access for web & mail. What good would it do for these to have
routable IPs? I don't WANT them to be visible to the biggest untrusted
network of all, the Internet. Nuh no way nohow.
Plus, NAT gives me all kinds of flexibility- I have gazillions of private
addresses to use in any way I need. The only conflicts I have to worry about
are within my own LANs.
If there is a factual basis for calling NAT evil, or undesirable in any way, I
would like to see it.
--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Carla Schroder
this message brought to you
by Libranet 2.8 and Kmail
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
More information about the Techtalk
mailing list