On Wed, 18 Jun 2003 21:55:34 PDT, Michel Py said: > I'm sorry but it is nothing near being that simple. Although if it does > not work through a firewall, it MAYBE because the firewall does block a > class of traffic (more likely because someone forgot to punch the right > hole), there are _plenty_ of other reasons why it does not work through > a firewall, one of the top ones being asymmetric traffic when there is > more than one exit point and the firewall hard state not being > distributed. OK, so firewalls can fail because they're misconfigured or mis-deployed. Death of the Internet Predicted. Film at 11. This is hardly news. Stuff doesn't work right if you mis-set your netmask, or your default route, or your nameserver, or whatever... The point I was making is that if an NNTP connection fails because the firewall is *configured* to say 'None Shall Pass' (insert Monty Python .wav here ;) then that is *proper* behavior. If a VOIP connection fails because the NAT is saying 'None Shall Pass', then that's *broken* behavior. I checked RFC3027. 20 *pages* of things that either break horribly over a NAT, or (as in the Activision example) say "We can hack this to work if we make the permanent restriction that there has to be a server that's NOT behind a NAT and clients have to contact it". Sounds a lot like RFC3344, actually. Great. WHo would *EVER* have thought that the biggest market for IP Mobility was to hack through NAT dain bramage?
Attachment:
pgp00274.pgp
Description: PGP signature