Date: Fri, 12 Nov 1999 12:06:31 -0700
From: Warner Losh <imp@village.org>
To: Ollivier Robert <roberto@keltia.freenix.fr>
Cc: freebsd-hackers@FreeBSD.ORG
Subject: Re: Should jail treat ip-number?
Message-ID: <199911121906.MAA18259@harmony.village.org>
In-Reply-To: Your message of "Thu, 11 Nov 1999 20:52:38 +0100." <19991111205238.A52039@keltia.freenix.fr>
References: <19991111205238.A52039@keltia.freenix.fr> <199911090824.KAA90295@zibbi.mikom.csir.co.za> <22398.942136151@critter.freebsd.dk> <19991110000004.A37063@keltia.freenix.fr> <19991111010837.C48604@server.nostromo.in-berlin.de>

In message <19991111205238.A52039@keltia.freenix.fr> Ollivier Robert writes:
: NAT breaks too many things (like IPsec, incoming connections and many
: protocols) to be anything else than an abomination in my eyes.

It breaks any protocol that encodes an IP address and/or a port into the data stream. Without datastream snooping and translation, talk, ftp, real audio and a few others would break.

When I was working on TIA (a commercial SLIRP-like program) we ran into these problems all the time. As soon as we put in upgrades for a recently released protocol, a new one would come along, or an old one would break in subtle ways (e.g., we did the translation when we had no business doing the translation), leading to configuration nightmares. When it worked it was cool, when it didn't...

This is why you can't, for example, NAT China :-)

Warner

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message
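
An added illustration of the "datastream snooping and translation" the message describes, using the FTP PORT command (RFC 959) as the embedded-address case; this is not code from the message or from TIA. The addresses, the `translate` helper and the `map_port` callback are hypothetical, and the sample lines are constructed.

```python
import re

# FTP active mode: "PORT h1,h2,h3,h4,p1,p2" carries the client's own
# IP address and data port as ASCII inside the control stream.
# Anchored to a whole command line, so the same digits appearing in
# another command's argument are left alone.
PORT_RE = re.compile(rb"^PORT (\d{1,3}),(\d{1,3}),(\d{1,3}),"
                     rb"(\d{1,3}),(\d{1,3}),(\d{1,3})\r\n$")

def parse_port(line):
    """Return the (ip, port) embedded in a PORT command, else None."""
    m = PORT_RE.match(line)
    if not m:
        return None
    nums = [int(x) for x in m.groups()]
    if any(n > 255 for n in nums):
        return None
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]

def build_port(ip, port):
    """Encode (ip, port) back into a PORT command line."""
    return "PORT {},{},{}\r\n".format(
        ip.replace(".", ","), port >> 8, port & 0xFF).encode("ascii")

def translate(line, inside_ip, public_ip, map_port):
    """Rewrite a PORT command that names the inside host.

    map_port is a hypothetical callback that reserves a public port
    for the (inside_ip, inside_port) pair. Returns (new_line, delta),
    where delta is the change in payload length: a non-zero delta
    means the translator must also shift TCP sequence and
    acknowledgement numbers for the rest of the connection.
    """
    parsed = parse_port(line)
    if parsed is None or parsed[0] != inside_ip:
        return line, 0          # not ours: pass through untouched
    new = build_port(public_ip, map_port(*parsed))
    return new, len(new) - len(line)

if __name__ == "__main__":
    # Constructed sample: inside host 10.0.0.5 offers data port 1234.
    sample = b"PORT 10,0,0,5,4,210\r\n"
    print(translate(sample, "10.0.0.5", "203.0.113.17",
                    lambda ip, port: 40001))
```

Every protocol that embeds addresses needs its own parser like this one, and an unanchored or over-eager match rewrites payload bytes that were never an address.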