Re: Hiding NATs with PF

From: jpd (read_the_sig_at_do.not.spam.it.invalid)
Date: 09/29/05 

Date: 28 Sep 2005 23:08:43 GMT

Begin <7oslj1tu7n5b9j2pa6e3shqq1bo4r9f23t@4ax.com>
On 2005-09-28, Greg Hennessy <me@privacy.org> wrote:
> On 28 Sep 2005 11:02:55 -0700, "Max Bolingbroke"
><batterseapower@hotmail.com> wrote:
[max, please do include attribution lines]
>>The claim is that a NAT router causes upstream routing headaches.
>>Is this true?
>
> If it's injecting bogus dynamic routing information into whatever IGP
> they are using, yes potentially.
>
> But for a SoHo appliance methinks not.

Well, they might still run RIP. I know for a fact that it's still in
use in places. And AFAIK there do exist SoHo devices that support
it. Nevermind the half-cluebie who thinks ``I want a router, I need
routed!!1!'', despite being not true and in at least the FreeBSD
handbook documented as such.

At my last place of work[1] I was sorely tempted to setup a fake routed
that injected bogus routes into our uplink, as there were RIP announcements
coming in over that line, ie from the demarc. In retrospect it was probably
the SDSL box on site that did it, but I never bothered to find out exactly
and fix it. It did neither anything useful nor anything harmful, and there
were no users in the neighbourhood to fsck with it.

I didn't bother also in the interests of a good working relationship with
their technical people. They had a really small staff (small isp, only
two techs or so) so I almost never had to deal with ``1st line support'',
instead just starting to talk tech and the secretary would ask me to hold
and get the person on call who'd understand what I'd said. :-)

[1] As a systems and networks admin. 

-- 
  j p d (at) d s b (dot) t u d e l f t (dot) n l .