[afnog] Mikrotik Router Help

Phil Regnauld regnauld at x0.dk
Wed Jun 29 16:54:23 EAT 2005


On Wed, Jun 29, 2005 at 02:30:34PM +0100, Brian Candler wrote:
> 
> NAT is here, IMO, because it gives people what they *want*. Really.
> 
> NAT is a broken version of what I believe would be the real solution: 

> NAT allows end users to free themselves entirely and get on with running 
> their networks.

	Already there you nailed it square on.  Solving the abovementioned
	problems immediately with NAT trumps any future thoughts of scalability
	or "proper" network design.

	It's a bit like why Linux these days is increasingly being used
	more than *BSD for weird network scenarios.  By weird I don't
	mean "reverse nat, transparent proxy then ipsec encapsulate", I mean
	"source route and forward to another default gateway base on the IP
	of the client if he's running HTTP".  While "ip" (the ugly undocumented
	command that some linux distributions) and "ipchains" (the ugly
	firewall/masquerading/rewriting hack that has more GNU long options
	than ls).

	ipchains and this kind of gross hacks is not what we'd define
	"proper network design", but unfortunately that's what people
	are doing.

	



More information about the afnog mailing list