Re: Acceptance of domain literals

From: Greg A. Woods (no email)
Date: Fri Jan 02 2004 - 19:40:54 EST


[ On Friday, January 2, 2004 at 17:57:48 (-0500), Jim Seymour wrote: ]
> Subject: Re: Acceptance of domain literals
>
> "Greg A. Woods" <> wrote:
> >
> > Personally I would never ever even dream of running a mail server behind
> > a NAT. This is far from the only problem you'll encounter.
>
> What other problems is one likely to encounter?

It depends somewhat on exactly what NAT implementation you're using, but
typically many of the low level protocol error handling mechanisms
either get trashed beyond recognition by a NAT, or don't work at all, so
error handling at the connection level will be broken with the result
that any number of strange symptoms will appear and be almost impossible
to diagnose (especially by anyone who might think running a server
behind a NAT is an OK thing to do :-).

Many other common errors can be masked, hidden, transformed, or
otherwise butchered by a NAT too, depending on what else has to pass
through the thing (e.g. DNS).

The only time you really have to run a mail server behind a NAT is
almost always a scenario where you're not supposed to, or at least not
expected to, be running any servers in the first place. Either that or
you're dealing with such a confused and ignorant firewall administrator
that NAT issues are going to be the least of your troubles.

-- 
						Greg A. Woods
+1 416 218-0098                  VE3TCP            RoboHack <>
Planix, Inc. <>          Secrets of the Weird <>






