What makes you think that not using NAT exposes internal topology??
Or that internal topology cannot leak out through NATs? I have seen NATed enterprises become massively compromised.
NAT allows people to become far too lazy. Your typical NAT allows connections outbound, typically configured without any audit trail, etc., so once a bad guy is inside the "secure NAT firewall," they're free to connect out to the 'net.

In comparison, an actual real firewall can prohibit {most, all} outbound access and force the use of proxies. Proxies can provide logging, content scanning, etc., services. Many times, those who argue in favor of NAT as a "firewall" are the same ones who seem to actually be relying on the NAT as inbound protection, but who aren't really doing anything to control their outbound traffic, or IDS, etc.

... JG
--
Joe Greco - sol.net Network Services - Milwaukee, WI - http://www.sol.net
"We call it the 'one bite at the apple' rule. Give me one chance [and] then I won't contact you again." - Direct Marketing Ass'n position on e-mail spam (CNN)
With 24 million small businesses in the US alone, that's way too many apples.
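
The contrast drawn in the message above, written as an nftables ruleset. This is an added example, not part of the original post; the interface names (lan0, wan0), the proxy address 10.0.0.10 and the log prefixes are assumptions chosen for illustration.

```nftables
# Assumed names: lan0 = inside interface, wan0 = outside interface,
# 10.0.0.10 = the proxy host (all hypothetical).

# Source NAT is present in both setups. It rewrites addresses and nothing more.
table ip nat {
    chain postrouting {
        type nat hook postrouting priority 100; policy accept;
        oifname "wan0" masquerade
    }
}

# WEAK: NAT relied on as the "firewall". Unsolicited inbound traffic is
# dropped, but every inside host may open any outbound connection and
# nothing is logged. Shown commented out for comparison.
#
# table inet filter {
#     chain forward {
#         type filter hook forward priority 0; policy drop;
#         ct state established,related accept
#         iifname "lan0" oifname "wan0" accept
#     }
# }

# CORRECTED: default-deny egress. Only the proxy may originate outbound
# connections, so clients have to go through it, where logging and
# content scanning happen. Every other outbound attempt is logged,
# counted and dropped.
table inet filter {
    chain forward {
        type filter hook forward priority 0; policy drop;

        # Return traffic for connections that were already permitted.
        ct state established,related accept

        # The proxy alone may reach the outside: DNS plus HTTP/HTTPS.
        iifname "lan0" oifname "wan0" ip saddr 10.0.0.10 udp dport 53 accept
        iifname "lan0" oifname "wan0" ip saddr 10.0.0.10 tcp dport { 53, 80, 443 } accept

        # Any other inside host trying to connect out leaves an audit trail.
        iifname "lan0" oifname "wan0" log prefix "egress-denied: " counter drop
    }
}
```

The "egress-denied" log lines and the counter are the audit trail the permissive setup lacks: a direct outbound attempt from a host that should be using the proxy shows up there.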