I am learning something about NAT. I am also learning something about blogging. For a while, I would write a blog, and then wait for the outcome. So I haven’t been blogging for several months. Blogging is about documenting the process.
Anyway, back to NAT. I have been having problems with my home network. I have a Dell desktop, a switch that calls itself a hub, and a wireless access point. I have been having all kinds of trouble with intermittent inability to do things on the network. Being an engineer by temperament, I took this situation as an opportunity to learn about my home network. Here are some of the things that I learned.
- Although my Linksys is clearly labeled as a hub, it doesn’t replicate non-broadcast traffic between ports. The only way to sniff traffic is to have the traffic sniffer on each machine.
- Setting up a Redhat machine as a router is pretty simple if you remember that the firewall is on by default.
- Setting up a Redhat machine to route to a subnet behind the Redhat box is complicated if it is behind a NAT device. If you lie in just the right way to the DHCP/NAT machine and the Redhat machine it should work…
- Personal firewalls are blamed for more problems than they really cause.
- NAT breaks normal network debugging tools.
The reason that NAT is evil is that it breaks a fundamental design goal of TCP/IP: universal connectivity between any two nodes on the internet. A firewall also breaks the universal connectivity property of TCP/IP, but that is another blog post. If there is universal connectivity and I can ping from one device to another, then all of the TCP/IP programs work. Ping means that a device is connected. NAT breaks this property.
NAT also wastes a bunch of time. It complicates the debugging process by introducing subtle differences in the way the network behaves. My original complaint was that email worked on my laptop connected via wireless, but that SSH, some web sites and some other applications didn’t. The aha moment was when I powered off all of the network and computer components, powered them back on and found that if I tried one of the “broken” web sites, it worked, but now email didn’t work. The problem was port specific.
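A small per-port reachability check, added here as an example (it is not code from the original post), that makes the point above concrete: a host that answers ping can still silently time out on specific ports when a NAT or firewall is dropping them, while a refused connection proves the host itself is reachable. The host, port list and the local self-check listener are constructed assumptions.

```python
import socket
from typing import Dict, List


def classify_port(host: str, port: int, timeout: float = 2.0) -> str:
    """TCP-connect to host:port and classify what came back.

    'open'    -> handshake completed; the path carries this port end to end.
    'refused' -> a RST arrived; the host is reachable but nothing listens there.
    'timeout' -> nothing came back at all, the usual signature of a NAT or
                 firewall dropping the SYN (ping can still succeed to that host).
    """
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return "open"
    except ConnectionRefusedError:
        return "refused"
    except socket.timeout:
        return "timeout"
    except OSError as exc:  # e.g. host unreachable, no route
        return f"error:{exc.errno}"
    finally:
        s.close()


def probe_ports(host: str, ports: List[int], timeout: float = 2.0) -> Dict[int, str]:
    """Probe several ports so port-specific breakage stands out side by side."""
    return {p: classify_port(host, p, timeout) for p in ports}


def self_check() -> Dict[str, str]:
    """Constructed offline demo on loopback: one live listener (expect 'open')
    and one port just released (expect 'refused'). No NAT sits on loopback, so
    'timeout' never appears here; on a real path it is the tell-tale result."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)
    open_port = listener.getsockname()[1]
    spare = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    spare.bind(("127.0.0.1", 0))
    closed_port = spare.getsockname()[1]
    spare.close()  # nothing listens here any more
    try:
        return {"listening": classify_port("127.0.0.1", open_port),
                "closed": classify_port("127.0.0.1", closed_port)}
    finally:
        listener.close()


if __name__ == "__main__":
    # Assumed example target and ports (SMTP, SSH, HTTP); substitute your own.
    for port, verdict in probe_ports("192.0.2.10", [25, 22, 80]).items():
        print(f"port {port}: {verdict}")
```

Comparing the verdicts across ports is the quick way to tell "the host is down" from "something in between drops this one port".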
At this point I decided that becoming an expert on the vagaries of NAT is not a good use of time. My new DSL provider will give me five real addresses. I have to spend two weeks with only cellular connectivity for my laptop, but I get to be a full member of the internet community at home.
10:21:29 AM