Agreed NAT's do not create security although many customers believe they do. NAT's _are_ extremely useful in hiding network topologies from casual inspection. What I usually recommend to those who need NAT is a stateful firewall in front of the NAT. The rationale being the NAT hides the topology and the stateful firewall provides the security boundary. Scott C. McGrath On Thu, 30 Oct 2003, Stephen Sprunk wrote:
Now, I'm not claiming that every device capable of IPv4 NAT is currently able to function in this way, but there are no technical barriers to
Thus spake <Michael.Dillon@radianz.com> prevent
manufacturers from making IPv6 devices that function in this way. The IPv6 vendor marketing folks can even invent terms like NAT (Network Authority Technology) to describe this simple IPv6 firewall function, i.e. IPv6 NAT.
Or you could simply call it what it is -- a firewall -- since that's what most consumers think NAT is anyways.
While I disagree with the general sentiment that NATs create security, the standard usage of such devices is certainly that of a stateful firewall.
S
Stephen Sprunk "God does not play dice." --Albert Einstein CCIE #3723 "God is an inveterate gambler, and He throws the K5SSS dice at every possible opportunity." --Stephen Hawking