RE: end2end? (was: RE: Where NAT disenfranchises the end-user ... )

From: Jon Mansey [mailto:jon_mansey@verestar.com]
Sent: Friday, September 07, 2001 11:57 AM

I seem to be able to connect to port-forwarded services behind my
office NAT firewall just fine from my laptop behind my home NAT box.
What's the problem?

Can we talk ... using NetMeeting?

NM, along with IPsec, are examples of apps that don't play well here, but that's the point: they are apps that have not been written with the real world in mind, i.e. that a good proportion of the edge these days is behind NAT.

Who gives in first here: the app developers (or their marketing depts) who decide that supporting NAT is important, or the NAT developers who decide they can fix CU-SeeMe or PPTP by rewriting the packet data?

I am also playing devil's advocate here somewhat; we all know the real solution to lack of IPv4 space, true end2end, and security lies with IPv6, right?

jm

Data communications security types would argue that NAT breaks data
integrity and authentication features that are rather important.

End-to-end characteristics are probably more crucial in this context
than any other.

richard