John Loughney wrote:
Lars-Erik,
From: Michel Py [mailto:michel@xxxxxxxxxxxxxxxxxxxxxxxxxxx]
Unfortunately some protocol purity zealots still have to realize
that Linksys, Netgear, Belkin and consorts don't sell NAT boxes
because they think NAT is good, they sell NAT boxes because
consumers want to buy them.
I do not think consumers in general want to buy NAT boxes, but
they are forced to do so by ISP's who do not give them a choice.
We're over-analyzing things. The last 3 WLAN APs I bought had NAT on by default; 2 of them it was impossible to turn this off. I got into long discussions with tech support who were telling me it is impossible to design a WLAN AP-router combo that didn't NAT.
Just for curiousity: The TI chipset AR7 is the core of a couple of boxes.
The all run linux and you can telnet them. They can route. No need for NAT
My box is an Eumex 300 IP from t-online.de
It is the same as the Fritzbox from AVM.
Netgear, Siemens, Linksys and D-link produce similar boxes.
I remember some people at RIPE loudly thinking about writing their own
software for the Netgear or the Linksys.
My DSL provier offers me 5 DHCP address for free (consumer grade connection) and my mobile carrier is now using real IP address for GPRS (they had too many problems caused by NATed IP addresses).
DHCP is almost as bad as NAT is. Best get an aDSL-modem, if you are connected by aDSL
then distribute the line via a switch and let your five coputers to the PPPoE stuff.
So your computers are the DHCP clients and can dyndns or whatever.
In practice, I've needed to power-cycle these NAT boxes every few weeks, to clear out the garbage. The most common things most ISP tech support lines are "unplug your router/AP/box", count to 60 and plug it back in.
I have had that same power-cycle problems with a GrandStrem ATA for my VoIP.
My ISP dtag.de or t-online.de forces a disconnect every 24 hours. Sometimes
they dont disconnect very cleanly and the Grandstream breaks.
Best forget GrandStream. It breaks ICMP and it has problems with ssh and
telnet passing through. Problably it does not get MTU correctly from
people living behind tunnels. Their support never cared to answer.
A Siemens router is now connected for half a yaer without any power-cycles.
I guess the box is one of those AR7 linux boxes.
My eumex too did not show any problems except for nagging about undisciplined
disconnects form my ISP.
However, if I am just a normal user, go to Best Buy and pickup a home WLAN Access Point, I'll have a NAT by default. There is no "NAT inside" logo on the box, nor are there clear instructions on how to turn this off. Vendors have turned NAT on by default because it is easier for them; not because the market has asked them to.
I guess if you are a normal user then you are a loser anyhow.
Those people normally have open windows and they dont know
how to close them :)
Putting those people behind triple NAT would not only save their
harddisk some viruses but it would save our bandwidth too -
keeping them from p2p each other :)
As for reference, my local paper started, computer stores started advertising "NAT firewalls" around 1998-99. When NATs first came to a the market, the marketing message was that NATs provided a security feature. Still, I have far too many tech support discussions where there is common confusion between NAT & firewall features. I don't think it is really intellectually honest to say the market has chosen NATs because it is what they wanted - it is a band-aid fix for a couple of different problems, which it kind of solved, but creates some ugly side effects.
To get around these side effects, people are deploying ALRs, B2BUA and SBCs to help fix the side-effects (and to do other things). Human nature being what it is, we'll probably keep applying these quick fixes, until it gets far to messy and someone comes in and wipes these away with a new solution. Circuit switching, ATM, ISDN, etc. all have been useful for some solutions - but when you try to go beyond what they have been designed for, you tend to have to apply patches and hacks to get things working.
John
Cheers
Peter and Karin
--
Peter and Karin Dambier
The Public-Root Consortium
Graeffstrasse 14
D-64646 Heppenheim
+49(6252)671-788 (Telekom)
+49(179)108-3978 (O2 Genion)
+49(6252)750-308 (VoIP: sipgate.de)
mail: peter@xxxxxxxxxxxxxxxxxxxxx
mail: peter@xxxxxxxxxxxxxxxx
http://iason.site.voila.fr/
https://sourceforge.net/projects/iason/
_______________________________________________
Ietf@xxxxxxxx
https://www1.ietf.org/mailman/listinfo/ietf