> Valdis Kletnieks wrote: > The point I was making is that if an NNTP connection fails because > the firewall is *configured* to say 'None Shall Pass' (insert Monty > Python .wav here ;) then that is *proper* behavior. If a VOIP > connection fails because the NAT is saying 'None Shall Pass', then > that's *broken* behavior. IMHO what you don't get is that in most cases, BOTH say 'None Shall Pass' and that would be a normal behavior for both. Don't get me wrong, I do not defend NAT. The point I was trying to make is this: it is a waste of time to say that NAT sucks. We know it. For IPv4, it's too late to change. IMHO, here is the deal: IPv4 NAT does suck, but there is nothing we can do to remove it; so the only worthy efforts are 1) maybe try to make it less worse (I will not go as far as saying better) and 2) let's not make the same mistake with IPv6. Michel.