Firewalls: Re: PIX not first NAT

Firewalls
(July 1997)

Indexed By Thread: [Previous] [Next]

Subject:	Re: PIX not first NAT
From:	Darren Reed <avalon @ coombs . anu . edu . au>
Date:	Wed, 30 Jul 1997 00:47:28 +1000 (EST)
To:	peter @ baileynm . com (Peter da Silva)
Cc:	tomg @ Cisco . COM, mcr @ sandelman . ottawa . on . ca, firewalls @ GreatCircle . COM
In-reply-to:	<9707290248 . AA28373 @ sonic . nmti . com . nmti . com> from "Peter da Silva" at Jul 28, 97 09:48:02 pm

In some mail from Peter da Silva, sie said:
> 
> > Nat is ip to ip address translation.  Most proxies do Port Address
> > Translation (port mapping). The Cisco PIX has been shipping for over 2 1/2
> > years.
> 
> Translation: "Instead of acknowledging that other NAT technologies were
> already available I'm going to redefine NAT to only mean IP-level NAT,
> even though this list is full of people smart enough to recognise I'm
> blowing marketing smoke."

Peter, I'd side with the Cisco interpretation here (see the RFC on NAT),
although NAT does include N:1 with port remapping, it doesn't (and
shouldn't) include doing things like changing fields in the FTP PORT
command.

Darren

References:

Re: PIX not first NAT
From: peter @ baileynm . com (Peter da Silva)

Indexed By Date	Previous:	Re: Re: Virus Scanner From: Jerry Huyghe <jerry @ eliashim . com>
Indexed By Date	Next:	[no subject] From: mjmccann @ connect . ie
Indexed By Thread	Previous:	Re: PIX not first NAT From: peter @ baileynm . com (Peter da Silva)
Indexed By Thread	Next:	Ganutlet 3.1 on BSD. From: Joseph <jieadmin @ blkbox . com>