Mark Newton wrote:
> Fine, you don't like rewriting L3 addresses and L4 port numbers. Yep,
> I get that. Relevance?
Just out of what I like and might use, GRE (no port), ESP (no port), AH
(no port), SCTP (would probably work fine with NAT, but I haven't seen
it supported yet and because every box doing address rewrites MUST
understand the protocol to perform NAT, it's likely to be back shelved
despite its cool features. Without NAT, it can be treated like GRE,
ESP, and AH by a firewall, though with improved security if the firewall does
understand the protocol). And my favorite, 6-to-4, broken.
There is if you have a dual-stack device, your L4-and-above protocols
are the same under v4 and v6, and you don't want to reinvent the ALG wheel.
ALG only fixes some problems, and it's not required for as much when
address translations are not being performed. In addition, the bugs
caused from address rewrites (and there have been some really poor
implementations at the cheap home router level) will naturally disappear
(to be replaced with new bugs concerning ALG/uPNP I'm sure).
Jack
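The mechanism behind Jack's list of broken protocols, as an added example that is not part of this thread: a toy port-based NAT (NAPT) in Python. TCP/UDP flows get a fresh outside port per inside (host, port) pair, so two inside hosts can reach the same server and replies are demultiplexed correctly. GRE, ESP and AH carry no L4 port, so the only key the translator has left is (protocol, peer address); the second inside host talking to the same peer collides and, in this model, is dropped. The addresses are constructed documentation/RFC 1918 values; the protocol numbers are the IANA assignments.

```python
"""Toy NAPT showing why port-less protocols (GRE, ESP, AH, 6to4) break.

Constructed example: addresses are made-up RFC 1918 / documentation
values, not a real network. Protocol numbers are the real IANA ones.
"""
from dataclasses import dataclass
from typing import Optional

PROTO_TCP, PROTO_UDP = 6, 17
PROTO_IPV6_IN_IPV4 = 41          # used by 6to4
PROTO_GRE, PROTO_ESP, PROTO_AH = 47, 50, 51
PORT_PROTOCOLS = {PROTO_TCP, PROTO_UDP}


@dataclass(frozen=True)
class Packet:
    proto: int
    src: str
    dst: str
    sport: Optional[int] = None   # None for protocols without an L4 port
    dport: Optional[int] = None


class Napt:
    """Minimal port-based address translator with no ALG support."""

    def __init__(self, public_ip: str):
        self.public_ip = public_ip
        self.next_port = 40000
        # TCP/UDP: (proto, inside_ip, inside_port) -> outside port
        self.port_out = {}
        # TCP/UDP: (proto, outside_port) -> (inside_ip, inside_port)
        self.port_in = {}
        # Port-less protocols: (proto, peer_ip) -> inside_ip
        self.peer_in = {}

    def outbound(self, pkt: Packet) -> Optional[Packet]:
        if pkt.proto in PORT_PROTOCOLS:
            key = (pkt.proto, pkt.src, pkt.sport)
            if key not in self.port_out:
                self.port_out[key] = self.next_port
                self.port_in[(pkt.proto, self.next_port)] = (pkt.src, pkt.sport)
                self.next_port += 1
            return Packet(pkt.proto, self.public_ip, pkt.dst,
                          self.port_out[key], pkt.dport)
        # No port to rewrite: (proto, peer) is the only demux key left.
        key = (pkt.proto, pkt.dst)
        owner = self.peer_in.setdefault(key, pkt.src)
        if owner != pkt.src:
            return None   # second inside host collides; modelled as a drop
        return Packet(pkt.proto, self.public_ip, pkt.dst)

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        if pkt.proto in PORT_PROTOCOLS:
            inside = self.port_in.get((pkt.proto, pkt.dport))
            if inside is None:
                return None
            inside_ip, inside_port = inside
            return Packet(pkt.proto, pkt.src, inside_ip, pkt.sport, inside_port)
        inside_ip = self.peer_in.get((pkt.proto, pkt.src))
        if inside_ip is None:
            return None
        return Packet(pkt.proto, pkt.src, inside_ip)


def demo() -> dict:
    """Two inside hosts reach the same peer over TCP (works) and ESP (collides)."""
    nat = Napt("198.51.100.1")      # constructed public address
    peer = "203.0.113.7"            # constructed remote peer
    results = {}

    a = nat.outbound(Packet(PROTO_TCP, "10.0.0.2", peer, 51000, 443))
    b = nat.outbound(Packet(PROTO_TCP, "10.0.0.3", peer, 51000, 443))
    results["tcp_ports_differ"] = a.sport != b.sport
    reply = Packet(PROTO_TCP, peer, nat.public_ip, 443, b.sport)
    results["tcp_reply_to_host3"] = nat.inbound(reply).dst == "10.0.0.3"

    first = nat.outbound(Packet(PROTO_ESP, "10.0.0.2", peer))
    second = nat.outbound(Packet(PROTO_ESP, "10.0.0.3", peer))
    results["esp_first_host_ok"] = first is not None
    results["esp_second_host_ok"] = second is not None
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The drop on collision is the honest outcome for a translator with no protocol knowledge; real boxes vary between dropping, silently overwriting the first mapping (the cheap-router bugs the mail mentions), or adding an ALG that parses the protocol to find another demux key. With a dual-stack host carrying these protocols natively over IPv6, there is no translation step and none of this logic exists.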