[afnog] Mikrotik Router Help
Phil Regnauld
regnauld at x0.dk
Wed Jun 29 16:54:23 EAT 2005
On Wed, Jun 29, 2005 at 02:30:34PM +0100, Brian Candler wrote:
>
> NAT is here, IMO, because it gives people what they *want*. Really.
>
> NAT is a broken version of what I believe would be the real solution:
> NAT allows end users to free themselves entirely and get on with running
> their networks.
Already there you nailed it square on. Solving the abovementioned
problems immediately with NAT trumps any future thoughts of scalability
or "proper" network design.
It's a bit like why Linux these days is increasingly being used
more than *BSD for weird network scenarios. By weird I don't
mean "reverse nat, transparent proxy then ipsec encapsulate", I mean
"source route and forward to another default gateway base on the IP
of the client if he's running HTTP". While "ip" (the ugly undocumented
command that some linux distributions) and "ipchains" (the ugly
firewall/masquerading/rewriting hack that has more GNU long options
than ls).
ipchains and this kind of gross hacks is not what we'd define
"proper network design", but unfortunately that's what people
are doing.
More information about the afnog
mailing list