From: Alan McKinnon <alan.mckinnon@gmail.com>
To: gentoo-user@lists.gentoo.org
Subject: Re: [Bulk] Re: [gentoo-user] /etc/hosts include file?
Date: Sun, 10 Mar 2013 07:19:14 +0200
Message-ID: <513C17D2.7080008@gmail.com>
In-Reply-To: <20130310014256.GA27509@waltdnes.org>

On 10/03/2013 03:42, Walter Dnes wrote:
> On Fri, Mar 08, 2013 at 07:41:13PM -0500, Michael Mol wrote
>
>> The trouble with NAT is that it destroys peer-to-peer protocols. The
>> first was FTP in Active mode.
>
> In its day, it was OK. Nowadays, we use passive mode. What's the
> problem?
>
>> SIP has been heavily damaged as well. Anyone who's used IRC is
>> familiar with the problems NAT introduces to DCC.
>
> Every ADSL router-modem I've run into recently has port-forwarding.
>
>> Anyone who's ever played video games online,...
>
> A *CLIENT* that can't operate from behind NAT is totally brain-dead.
>
>> or who's tried hosting a Teamspeak or Ventrilo server, has had NAT
>> get in their way as well.
>
> Port-forwarding.

All those examples you give are much like a bunch of home machines
sitting behind a NAT gateway onto the internet. That's actually OK and I
reckon that is the intended use of NAT. Personally, I'd prefer all of my
machines to have a public address but there's no chance in hell my
NetOps colleagues are giving me that with my DSL connection.

We have many years of experience now with consumer connections and the
users that use them, these guys mostly can't admin a machine to save
their lives, so NAT in their case is a good thing on balance.

The true evil of NAT comes about when some clown starts implementing it
on the network itself. I'm in city X, we have a large office in city Y,
and most of the traffic Y->X goes through a *router* doing NAT. No-one
knows anymore why this was originally done but we all know what it will
take to undo it. To get our backend systems to work for clients in city Y
I have to put in the cursed "any any" firewall rules, and that sends our
Risk fellows ballistic for good reason. But I have no choice, the
network design essentially discarded all information as to who the
client is, so now I must allow all of them.

Any real-life network that grew organically over several years is always
going to be rife with examples of fuck ups like this, always done in the
name of expediency. I have lots of such examples, the above is only the
first that came to mind.

So whereas NAT behind a home router for IPv4 is good, in almost every
other usage I've seen it is bad and really just a case of a solution
used in places it never ever belonged.

--
Alan McKinnon
alan.mckinnon@gmail.com
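
Added example, not part of the original message: a small model of the city Y -> city X situation described above, showing why a per-client allow rule stops working once a router in the path rewrites source addresses, and why the rule that restores service admits every client behind that router. All addresses, ports and names are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    dport: int

@dataclass(frozen=True)
class Rule:          # allow rule: source CIDR -> destination CIDR, one port
    src: str
    dst: str
    dport: int

def permits(rules, flow):
    """Default-deny allow list: the flow passes if any rule covers it."""
    src, dst = ipaddress.ip_address(flow.src), ipaddress.ip_address(flow.dst)
    return any(src in ipaddress.ip_network(r.src)
               and dst in ipaddress.ip_network(r.dst)
               and flow.dport == r.dport for r in rules)

def snat(flow, nat_addr):
    """What the router in the path does: rewrite the source, keep the rest."""
    return Flow(nat_addr, flow.dst, flow.dport)

def decisions(rules, flows, nat_addr=None):
    """Map each ORIGINAL client address to the firewall's verdict."""
    return {f.src: permits(rules, snat(f, nat_addr) if nat_addr else f)
            for f in flows}

# Constructed sample data (all addresses are made up for illustration).
BACKEND = "10.10.0.5"
NAT_ADDR = "10.10.255.1"
FLOWS = [Flow("10.20.1.10", BACKEND, 5432),   # the client that should get in
         Flow("10.20.1.99", BACKEND, 5432)]   # a client that should not
PER_CLIENT = [Rule("10.20.1.10/32", BACKEND + "/32", 5432)]
NAT_WIDE = [Rule(NAT_ADDR + "/32", BACKEND + "/32", 5432)]

if __name__ == "__main__":
    print("routed, per-client rule:", decisions(PER_CLIENT, FLOWS))
    print("NATed,  per-client rule:", decisions(PER_CLIENT, FLOWS, NAT_ADDR))
    print("NATed,  rule on NAT addr:", decisions(NAT_WIDE, FLOWS, NAT_ADDR))
```
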