Date: Tue, 13 Mar 2001 10:49:27 -0800
From: Robert Clark <res03db2@gte.net>
To: Ted Mittelstaedt <tedm@toybox.placo.com>
Cc: Bob Van Valzah <Bob@Talarian.Com>, pW <packetwhore@stargate.net>, FreeBSD-Security@FreeBSD.ORG, FreeBSD-Questions@FreeBSD.ORG
Subject: Re: Racoon Problem & Cisco Tunnel
Message-ID: <20010313104927.A59404@darkstar.gte.net>
In-Reply-To: <000801c0ab8b$81d99ca0$1401a8c0@tedm.placo.com>; from tedm@toybox.placo.com on Mon, Mar 12, 2001 at 11:02:03PM -0800
References: <3AACF40D.4080504@Talarian.Com> <000801c0ab8b$81d99ca0$1401a8c0@tedm.placo.com>
Ted, do you know of any online guidelines to writing protocols that function well with NAT? Or maybe a list of protocols that don't work well with NAT?

Thanks,
[RC]

On Mon, Mar 12, 2001 at 11:02:03PM -0800, Ted Mittelstaedt wrote:
> >-----Original Message-----
> >From: owner-freebsd-questions@FreeBSD.ORG
> >[mailto:owner-freebsd-questions@FreeBSD.ORG]On Behalf Of Bob Van Valzah
> >Sent: Monday, March 12, 2001 8:07 AM
> >To: pW
> >Cc: FreeBSD-Security@FreeBSD.ORG; FreeBSD-Questions@FreeBSD.ORG
> >Subject: Re: Racoon Problem & Cisco Tunnel
> >
> >
> >Yes. The five DSL setups with which I'm familiar all grant at least one
> >public address per house. I believe all are static, but one might be
> >dynamic. Interference with protocols like IPSec is one of the reasons
> >why I'd make a public address a requirement when choosing a DSL
> >provider. When it comes to NAT, I'm with Vint Cerf--avoid it if at all
> >possible. Let's hasten the deployment of IPv6.
> >
>
> -snip-
>
> NAT has proven itself reliable and vital and idiot engineers that design TCP
> protocols that assume everyone has a public IP number are just architecting
> their own failures, and their protocol's subsequent minimizing by the
> market. I have some sympathy for protocols like IPSec that came to be
> during the same time - but organizational-to-organizational IPSec tunnels
> don't have to pass through the NAT - they can terminate on it. But, anyone
> doing a new protocol today is a fool if it can't work through a NAT.
>
>
>
> Ted Mittelstaedt tedm@toybox.placo.com
> Author of: The FreeBSD Corporate Networker's Guide
> Book website: http://www.freebsd-corp-net-guide.com

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
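The thread argues about which protocols survive NAT without saying concretely why IPsec is one of the casualties. The Python model below is an added illustration, not code from anyone in the thread: it builds a minimal port-rewriting NAT and passes three kinds of traffic through it. The "AH" and "ESP" functions are simplified stand-ins that only mimic what each IPsec mode covers with its integrity check (AH authenticates the IP header, ESP does not); the addresses, key and payloads are constructed for the demo, and the port fields on the "ESP" packet are a simplification, since real ESP carries no transport ports at all.

```python
# Added illustration (not from the mailing-list thread): a toy NAPT box and
# three protocol styles, showing which ones survive source-address rewriting.
# Addresses, the SA key and the payloads are constructed for the demo.
import hashlib
import hmac
from dataclasses import dataclass, replace

SA_KEY = b"constructed-demo-key"  # constructed; a real SA key comes from IKE


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    sport: int
    dport: int
    payload: bytes
    icv: bytes = b""


def _ah_covered(pkt: Packet) -> bytes:
    # AH-style: the integrity check covers the IP header (immutable fields)
    # as well as the payload, so any rewrite of src/port invalidates it.
    return f"{pkt.src}>{pkt.dst}:{pkt.sport}>{pkt.dport}|".encode() + pkt.payload


def _esp_covered(pkt: Packet) -> bytes:
    # ESP-style: only the encapsulated payload is authenticated; the outer
    # IP header is free to change in transit.
    return pkt.payload


def seal(pkt: Packet, covered) -> Packet:
    """Attach an HMAC over whatever the chosen mode covers."""
    return replace(pkt, icv=hmac.new(SA_KEY, covered(pkt), hashlib.sha256).digest())


def verify(pkt: Packet, covered) -> bool:
    """Receiver-side check of the ICV, constant-time compare."""
    expected = hmac.new(SA_KEY, covered(pkt), hashlib.sha256).digest()
    return hmac.compare_digest(pkt.icv, expected)


class Nat:
    """Minimal NAPT: rewrites source address and port on the way out."""

    def __init__(self, public_ip: str, first_port: int = 40000):
        self.public_ip = public_ip
        self.next_port = first_port
        self.table = {}  # (inside_ip, inside_port) -> outside_port

    def outbound(self, pkt: Packet) -> Packet:
        key = (pkt.src, pkt.sport)
        if key not in self.table:
            self.table[key] = self.next_port
            self.next_port += 1
        return replace(pkt, src=self.public_ip, sport=self.table[key])


NAT = Nat("203.0.113.1")  # TEST-NET-3 public side, constructed


def inside_host_packet(payload: bytes) -> Packet:
    # RFC 1918 inside host talking to a constructed peer on port 500.
    return Packet("192.168.1.20", "198.51.100.7", 5000, 500, payload)


def ah_survives_nat() -> bool:
    """AH-style packet: sealed inside, checked by the peer after the NAT."""
    pkt = seal(inside_host_packet(b"ah-data"), _ah_covered)
    return verify(NAT.outbound(pkt), _ah_covered)  # False: header was rewritten


def esp_survives_nat() -> bool:
    """ESP-style packet: the rewritten header is not under the ICV."""
    pkt = seal(inside_host_packet(b"esp-data"), _esp_covered)
    return verify(NAT.outbound(pkt), _esp_covered)  # True


def address_peer_will_reply_to(embed_in_payload: bool) -> str:
    """Where the far end sends its reply for an application protocol that
    either trusts the header it received (NAT-friendly) or parses an
    address the sender wrote into the payload (FTP PORT style)."""
    inner = inside_host_packet(b"")
    if embed_in_payload:
        payload = f"REPLY-TO {inner.src}:{inner.sport}".encode()
    else:
        payload = b"REPLY-TO header"
    outside = NAT.outbound(replace(inner, payload=payload))
    if embed_in_payload:
        # Peer trusts the payload: gets an unroutable RFC 1918 address.
        return outside.payload.split()[1].decode().split(":")[0]
    return outside.src  # peer uses the header, which the NAT translated


if __name__ == "__main__":
    print("AH  survives NAT:", ah_survives_nat())
    print("ESP survives NAT:", esp_survives_nat())
    print("embedded address seen by peer:", address_peer_will_reply_to(True))
    print("header address seen by peer:  ", address_peer_will_reply_to(False))
```

The two failure modes the model shows are exactly the ones Robert asks about: a protocol that authenticates or encrypts the IP header (AH) cannot tolerate any rewrite, and a protocol that copies its own address into the payload (FTP's PORT command is the classic case) hands the peer a private address the NAT never translated. What the model leaves out is that real ESP carries no transport ports, so a port-based NAT has nothing to multiplex on; the eventual fix was to wrap ESP in UDP (NAT-T, RFC 3947/3948), which the IPsec implementations of 2001 largely lacked, hence the advice in the thread to terminate the tunnel on the NAT box itself.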