Subject: Re: IPv6 Comment
To: Sean Doran <smd@ebone.net>
From: Andrew Brown <atatat@atatdot.net>
List: current-users
Date: 09/01/2000 15:21:50
>| NAT simply isn't part of the solutions, but of the problem.
>
>NAT breaks NAT-unfriendly protocols, like talk/IRC dcc/ftp, which
>encode IP addresses in the data stream, rather than DNS names.

those protocols embed the ip address since (a) it's much easier to get
at than a hostname (which will map to an ip address) and (b) the local
ip address that it's passing isn't expected to change in the next few
minutes.  ftp has been "fixed", talk could also be "fixed", but dcc
would be a different matter entirely.  also...if *both* ends are using
nat...active vs. passive wrt ftp isn't really much of an argument.

>ALGs are indeed hacks one can use to make such NAT-unfriendly 
>process work in the presence of NAT.

hacks, yes.  yea and verily.

>My contention is that NAT-unfriendly protocols are broken,
>and should be fixed to use DNS names rather than IP addresses
>in the data stream.

imho, nat devices should come with the warning that some things will be
broken by the use of this.  tough noogies.

-- 
|-----< "CODE WARRIOR" >-----|
codewarrior@daemon.org             * "ah!  i see you have the internet
twofsonet@graffiti.com (Andrew Brown)                that goes *ping*!"
andrew@crossbar.com       * "information is power -- share the wealth."
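
Added example, not part of the original message: a sketch of what an FTP ALG on a NAT device has to do with the active-mode PORT command, which carries the client's IP address and port in the data stream. The addresses, the `alloc_port` callback and the source-address check are assumptions made for illustration.

```python
import ipaddress
import re

# PORT h1,h2,h3,h4,p1,p2 : four address octets, then the port as two bytes.
PORT_RE = re.compile(rb"PORT (\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\r\n")


def parse_port(line):
    """Return (IPv4Address, port) from a PORT command line, or None."""
    m = PORT_RE.fullmatch(line)
    if not m:
        return None
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        return None
    ip = ipaddress.IPv4Address(".".join(str(n) for n in nums[:4]))
    return ip, nums[4] * 256 + nums[5]


def build_port(ip, port):
    """Encode an address and port back into a PORT command line."""
    octets = ",".join(str(ip).split("."))
    return ("PORT %s,%d,%d\r\n" % (octets, port >> 8, port & 0xFF)).encode()


def alg_rewrite(line, client_ip, public_ip, alloc_port):
    """Rewrite the embedded private address to the NAT's public one.

    alloc_port is a hypothetical callback that reserves a public port
    for the inbound data connection. Returns (new_line, delta, mapping).
    """
    parsed = parse_port(line)
    if parsed is None:
        return line, 0, None  # not a PORT command: pass through unchanged
    ip, port = parsed
    # Assumed policy: only translate an address that matches the control
    # connection's source, so the NAT never opens a hole to a third host.
    if ip != client_ip:
        raise ValueError("embedded address does not match connection source")
    pub_port = alloc_port(ip, port)
    new_line = build_port(public_ip, pub_port)
    # A non-zero delta changes the TCP payload length, so the NAT must also
    # adjust sequence/ack numbers for the rest of the control connection.
    delta = len(new_line) - len(line)
    return new_line, delta, (public_ip, pub_port, ip, port)
```

The length delta is why this cannot be done as a simple in-place byte substitution on the packet.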