I did not say why NAT is evil because it could be an article in and of itself. Among the reasons I don't like NAT:
- It breaks all but tunneled ESP for IPsec
- Some rely on it for security through obscurity
- It quickly becomes extremely confusing to wade
through multiple layers of NAT'd addresses
- Inbound services must be individually
configured, which gets tough/confusing on
Hang around on the IETF mailing list for a few days. If no one brings NAT up, ask yourself why folks don't like it. And prepare for a lot of mail.