Zefram writes: > My question for the list is is there a web page or > other document anywhere that comprehensively states > the case against NAT? If your new administrator is of the type who fixes things that aren't broken, it may be the admininistrator that needs replacement, not the network configuration. As you point out, you aren't short on address space (the primary reason for NAT). Security is not a problem for NAT, since any good netadmin is going to know how to block and route traffic with routers, firewalls, proxies, etc., to avoid problems. Too bad if it is time-consuming ... that's what he is being paid for, so he can't complain. Admininstrative convenience is not a reason, either. If admininstration were that convenient, his position would be redundant. In any case, restructuring an entire network so that one can spend more time playing Doom in one's cube is a very poor justification for the operation. NAT has obvious disadvantages. The Internet is not designed to address multiple machines with one IP address, and lots of things will break when NAT is in place. Incoming machine-specific traffic is the major problem. Chat and instant messaging services will fail, and there is no way to get them to work with NAT. Streaming services may fail as well. NAT can compromise point-to-point security. Overall it's a clever but nasty kludge that I cannot see implementing if it isn't required. It works for SOHO configurations with just one public IP address and the like, but it seems like a very poor idea for any organization that doesn't have an address shortage.