IPFilter on OpenBSD
Subject:   NAT
Date:   2001-09-27 16:48:03
From:   mbertsch
I did not say why NAT is evil because it could be an article in and of itself. Among the reasons I don't like NAT:

- It breaks all but tunneled ESP for IPsec
- Some rely on it for security through obscurity
- It quickly becomes extremely confusing to wade through multiple layers of NAT'd addresses
- Inbound services must be individually configured, which gets tough/confusing on large networks

Hang around on the IETF mailing list for a few days. If no one brings NAT up, ask yourself why folks don't like it. And prepare for a lot of mail.