Not logged in
Log in now
Create an account
Subscribe to LWN
Deadline scheduling: coming soon?
LWN.net Weekly Edition for November 27, 2013
ACPI for ARM?
LWN.net Weekly Edition for November 21, 2013
GNU virtual private Ethernet
So why do you call it NAT, if no address is actually translated?
But supporting SCTP has to start somewhere ? Why?
Posted Nov 25, 2009 23:55 UTC (Wed) by foom (subscriber, #14868)
They just say "NAT" because stateful connection tracking and filtering is an integral part of NAT, and
NAT is the most use. Of course it's possible to do a the connection-tracking without the address
rewriting, but the important thing to note it is not any less complex, and causes no fewer problems.
It still prevents you from having an end-to-end internet.
You still want to have protocol-specific parsing in order to find "related" connections which should
be allowed through. (e.g. with FTP). You'd still need a protocol like uPNP or NAT-PMP in order to
advise the firewall to open a hole for things like BitTorrent. There's almost no advantage at that
point versus actually having a NAT.
Posted Nov 26, 2009 7:57 UTC (Thu) by smurf (subscriber, #17840)
Sure there is.
You avoid starving the router of TCP (or SCTP) ports. You avoid having to mangle TCP packets because they happen to contain addresses. You avoid IP address based "one-connection-per-client" limits on servers.
In short, you can use simpler servers and routers. Which translates to fewer bugs and less power-hungry CPUs.
Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds