Date: Wed, 02 Jul 2003 15:26:38 -0400 From: Chuck Swiger <cswiger@mac.com> Cc: freebsd-net@freebsd.org Subject: Re: Performance improvement for NAT in IPFIREWALL Message-ID: <3F0331EE.6020707@mac.com> In-Reply-To: <3F0327FE.3030609@tenebras.com> References: <3F0316DE.3040301@tenebras.com> <20030702183838.GB4179@pit.databus.com> <3F0327FE.3030609@tenebras.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Michael Sierchio wrote: > Barney Wolff wrote: >> NAT is not a security feature, > > Many would disagree with that assertion. Many people are wrong, then. NAT is not a security feature. Check the list archives of <firewall-wizards@honor.icsalabs.com>... [ ... ] >> If you believe you need to NAT at even 1Gb, I'd look >> very hard at the requirements. > > Sadly, requirements are often exogenous. Nice word. :-) [ NAT sucks. In a very useful way, of course. Exogenous requirements may impose unreasonable constraints upon implementing the technically preferrable solution, just as "inept excess verbiage may disqualify qualifiers". And "But soft, what light through yonder window breaks?" and other tasty bits from the "Applesoft Reference Manual".... ] -- -Chuck
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3F0331EE.6020707>