> > no, that would be *really* ugly. because then you'd expect the
> > NAT box to know how to intercept every application you'd want
> > to use, despite the fact that those applications are evolving
> > and the set of those apps is changing constantly. so you'd have
> > to upgrade your NAT every time you upgraded installed a new app.
>
> What's the difference with the way it already is? The ALG component
> does need to know about the app already.

only for those apps that are NAT-sensitive. what you propose would
make every app NAT-sensitive, and increase the rate of failures due
to intermediaries that intercept protocol interactions and botch them.