[prev in list] [next in list] [prev in thread] [next in thread] 

List:       openbsd-misc
Subject:    Re: Firewall NAT
From:       Dave Taira <bodhi () hagakure ! org>
Date:       2001-02-28 22:52:42
[Download RAW message or body]

On Wed, 28 Feb 2001, Kit Halsted wrote:

> Gotcha. I think we both understand each other's points of view, but
> would agree to disagree if it wasn't a situation where a decision is
> required. I think streaming media & other such things that break
> under Many:1 NAT will end up being the deciding factor.

Huh. Hadn't thought of that. Do you have any examples? At home, I've
only got a singles Windows box behind my NAT/firewall OpenBSD box.
I haven't had any problems with streaming mp3s or Windows Media streams.
I generally avoid RealMedia because A) I'm annoyed by places that
don't do it over port 80, and B) Windows Media streams seem to always
be of higher quality.

> I think the client's preference is to sit back & watch us argue with
> a big grin on his face.

Ha! I hope you are providing good value, then. 8)

> I'm not sure I understand how it's more work, unless I'm
> misunderstanding the IPNAT FAQ. I should be able to tell IPNAT to map
> my public space to my private space in one line, no?

Ah, whoops. I was thinking bimap, for a one-to-one correlation. That
way, if you receive complaints about a user from a.b.c.10, you can
map that to x.y.z.10, and go beat the appropriate person about the
head and shoulders. That's what I meant about accountability. And
more work. But yeah, if you're just using map to get many-to-many,
you can do a one-liner.
+------------------------------------------------------------------------+
| Dave Taira <bodhi@hagakure.org>                2001.02.28/14:52:43 PST |
| Morlock for Hire                                                       |
+------------------------------------------------------------------------+
| "I'm from a competing gene pool."                            --Brand X |
+------------------------------------------------------------------------+

[prev in list] [next in list] [prev in thread] [next in thread]