RE: Where NAT disenfranchises the end-user ...

I'm not sure who was first, in terms of IOS NAT and ip_masq. If memory
serves (and it usually doesn't) then 11.2 was released around Aug 97. I
don't see any easy way to identify the release date.

However, I think the linux code is older, although of course it's largely
based upon the BSD firewall code.

The online source log shows
  * Masquerading functionality
  *
  * Copyright (c) 1994 Pauline Middelink
  *
  * The pieces which added masquerading functionality are totally
  * my responsibility and have nothing to with the original authors
  * copyright or doing.
  *
  * Parts distributed under GPL.
  *
  * Fixes:
  * Pauline Middelink : Added masquerading.
  * Alan Cox : Fixed an error in the merge.
  * Thomas Quinot : Fixed port spoofing.
  * Alan Cox : Cleaned up retransmits in spoofing.
  * Alan Cox : Cleaned up length setting.
  * Wouter Gadeyne : Fixed masquerading support of ftp PORT commands
  *
  * Juan Jose Ciarlante : Masquerading code moved to ip_masq.c

But Cisco was promoting NAT much earlier. They bought the old NTI hardware
(now called the PIX), and its primary purpose in life was NAT -- the company
was called Network Translations Inc. Looks like my first PIX install was 3
July 1996, so that predates IOS installations, I think.

--woody

Yep- NAT showed up in Cisco IOS in the 11.2 version. I am

[..]

Unfortunately, I let my urge to smack Meyer down mask the original intent of
my message.

To tell you the truth, I don't really care what products were shipping NAT
first -- the fact still remains that NAT was not some hack created by a small
group of people so that the "poor dialup user" could take revenge against the
evil ISP that won't give out more than 1 IP for $20/month (as Meyer would
have you believe). It is a documented standard, brought about by the IETF as
a means of conserving IPv4 space.

--Adam

Right, the tradition has roots at least a few years further back
in the hack created by the "poor dialup shell account user" to allow
them to get SLIP (and, at some point, CSLIP and PPP) access to the net
without needing their own IP assigned by using a shell server they had an
account on, with its IP address. First done in TIA, then SLiRP.

That was... 1994 or earlier.

And TIA is essentially NAT, implemented in a manner that would be
considered peculiar compared to today's common implementations.

Hmm... guess even then it was at least partly used to conserve IP
addresses, especially when handing out static IPs to every dialup
user was more common. I know of a few universities that used to
hand out SLIP accounts with static IPs quite freely, but then
switched to recommending people use TIA where they could. That
became irrelevant later, of course, when support for dynamically
allocated SLIP addresses became widespread, along with PPP. So in
this case it was both "preserve IPs" and "take revenge against the
evil (provider of some sort)".

However, note that things "created by the IETF" are normally created
by a small group of people with their own agendas. And that there can
be a big difference between the reasons a so-called "standard" was
introduced and the reasons why people deployed it. But it seems quite
true that the demand from dialup/DSL/etc. users for NAT only really
ramped up after deployment in more corporate settings ramped up.

(sorry, I couldn't resist. Anyone looking for _real_ content on
nanog is already ignoring this thread, so why not... thankfully, 95%
of the irrelevant content on nanog is in long, easily ignored threads.)

1) It wouldn't be the first time the IETF has standardized a hack. Anybody who
doesn't think so is invited to read RFC822, section 3.1.4, ponder the example
given, and ask why people were surprised that few 822 parsers were non-buggy.

2) It would seem to me that if your ISP is being difficult about giving out
more IP addresses, using NAT to take revenge *is* conserving IPv4 space.
You're restricting your usage of external addresses - just as an end user
you're doing it out of financial considerations, not any grandiose altruistic
for-the-benefit-of-the-net reasons.

But then, we all know that altruistic suggestions are (a) off-topic for
this list and (b) always create a flame-fest anyhow. ;)

        Valdis Kletnieks
        Operating Systems Analyst
        Virginia Tech

Right, the tradition has roots at least a few years further back
in the hack created by the "poor dialup shell account user" to allow
them to get SLIP (and, at some point, CSLIP and PPP) access to the net
without needing their own IP assigned by using a shell server they had an
account on, with its IP address. First done in TIA, then SLiRP.

That was... 1994 or earlier.

The earliest was, I think, the program "term" in '92 or '93. I had a Netcom
shell account (who didn't? :) and was using term with Linux oh about 0.98...
Term was the first, TIA and SLiRP followed soon after.

And TIA is essentially NAT, implemented in a manner that would be
considered peculiar compared to today's common implementations.

Ummm, that's an understatement. You had to make guesses how transparent
your serial terminal link was.... and configure the escape sequences by
hand in term's config file. I think I recall TIA and SLiRP improved upon
term by figuring out most of that automatically.

---
Quantum Mechanics: the dreams stuff is made of

TIA was pervasive enough, and causing enough *problems*, that many ISPs
were banning its use, as of fall, 1994 (I can pin it that accurately due
to circumstances that only existed during that period, when I was dealing
with it).

SLiRP was around by, at latest, mid-1995, in response to it. Linux had
functional masquerade code at that time, as well, though it was a royal
pain to deal with (IE, nothing has changed much :)