IPFilter on OpenBSD
Subject:   NAT *is* "evil and bad"
Date:   2001-08-09 19:43:11
From:   elvolio
NAT is usually a substitute for good network design. There are certain cases where it's a good tool to have, but too many admins rely on it as a crutch. NAT works great in the case where you have a number of workstations that need nothing but outbound access -- and even then there are things that will occasionally be broken (e.g. X Windows). Many folks rely on it for security, or because they're too lazy to properly configure their network. Security does not come from obscurity (which is what NAT essentially gives you), and a properly configured network saves everyone a lot of grief.