Subject: Re: IPv6 Comment
To: None <is@beverly.kleinbus.org>
From: Sean Doran <smd@ebone.net>
List: current-users
Date: 09/01/2000 20:36:47
is writes:

| Yes, but changing the address means more complex protocols are broken.
| FTP through NAT boxes only works via a special hack in the NAT.

Hopefully I can clarify rather than just repeat.

Your "NAT" is a device, a computer that is often general-purpose.

In the computer there is a process which translates network addresses
algorithmically from "inside" ones to "outside" ones, rewriting only
the IP addresses and nothing else.  "Network Address Translation" = "NAT".

In the computer there may ALSO be other processes which do other things.
For example, the "special hack" needed for FTP is a process called an ALG,
which performs translations of things other than the IP header, or even 
does an intercept/terminate/proxy, engaging in two separate conversations.  

| talk through NAT boxes doesn't work to my knowledge, unless somebody 
| has implemented the special hack for talk.

That's right, Application-Layer Gateways are by their nature 
application specific.

| IRC dcc through NAT boxes ... etc etc. 

Again, another application (IRC), another ALG.

| Not to talk about protocols which aren't invented yet.

Anyone who develops NAT-unfriendly protocols in this day
of a NAT-filled Internet is terribly ignorant or terribly stubborn.

| NAT simply isn't part of the solutions, but of the problem.

NAT breaks NAT-unfriendly protocols, like talk/IRC dcc/ftp, which
encode IP addresses in the data stream, rather than DNS names.

ALGs are indeed hacks one can use to make such NAT-unfriendly
processes work in the presence of NAT.

My contention is that NAT-unfriendly protocols are broken,
and should be fixed to use DNS names rather than IP addresses
in the data stream.

	Sean.
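
Added example, not part of the original message: a sketch of the NAT/ALG split described above, using FTP's PORT command (RFC 959) as the address carried in the data stream. The packet-as-dict model, the function names and the sample addresses are assumptions made for illustration.

```python
import re

# FTP active-mode command (RFC 959): "PORT h1,h2,h3,h4,p1,p2\r\n"
PORT_RE = re.compile(
    rb"^PORT (\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\r\n$")

# Constructed sample data: inside->outside mapping and one control-channel packet.
MAPPING = {"192.168.1.10": "203.0.113.5"}
SAMPLE = {"src": "192.168.1.10", "dst": "198.51.100.7",
          "payload": b"PORT 192,168,1,10,19,137\r\n"}

def parse_port(line):
    """Return (ip, port) carried in a PORT command, or None if it is not one."""
    m = PORT_RE.match(line)
    if not m:
        return None
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        return None
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]

def nat_only(packet, mapping):
    """Pure NAT: rewrite the source address in the header and nothing else."""
    return {**packet, "src": mapping.get(packet["src"], packet["src"])}

def nat_with_ftp_alg(packet, mapping, outside_port, bindings):
    """NAT plus an FTP ALG: also rewrite the address and port in the payload."""
    out = nat_only(packet, mapping)
    parsed = parse_port(packet["payload"])
    if parsed is None or parsed[0] not in mapping:
        return out  # not a PORT command, or not an inside address
    outside_ip = mapping[parsed[0]]
    # Remember where the server's incoming data connection must be forwarded.
    bindings[(outside_ip, outside_port)] = parsed
    # The payload length can change here; a real ALG must then also adjust
    # TCP sequence/acknowledgement numbers and checksums (not modelled).
    out["payload"] = b"PORT %s,%d,%d\r\n" % (
        outside_ip.replace(".", ",").encode(),
        outside_port >> 8, outside_port & 0xFF)
    return out

if __name__ == "__main__":
    print(nat_only(SAMPLE, MAPPING))          # payload still names 192.168.1.10
    table = {}
    print(nat_with_ftp_alg(SAMPLE, MAPPING, 40000, table), table)
```

With NAT alone the server is told to connect back to the inside address, which it cannot reach; the ALG is the per-application code that fixes up the payload.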