$Id: nat-problem.html,v 1.1 2007/07/16 04:42:51 itojun Exp $

NAT, Network Address Translator, rewrites the IPv4 header of the packets passing through it. This is the key idea and, at the same time, the biggest source of the problem.
Rewriting the IPv4 header is totally evil: it violates the end-to-end principle. The "end-to-end principle" is the most important design factor of the Internet.
For instance, any protocol that carries an IPv4 address in the packet payload will not be able to go through the NAT box. Examples include File Transfer Protocol (FTP) and the H.323 internet phone/teleconferencing protocol. Expensive NAT devices can handle them, but all NAT devices are cursed and not future-proof. Consumers have to upgrade the firmware in their NAT devices constantly, forever.
This is not the way Internet routers are designed. In fact, history tells us that without NAT, very old routers like the Cisco AGS, a very early Cisco router, lived happily for something like 20 years without firmware upgrades.
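The FTP case above, as an added example that is not part of the original page: an active-mode FTP `PORT` command carries the client's IPv4 address in the payload, so a NAT that rewrites only the header leaves a stale private address inside, while a payload-aware NAT must also rewrite the command and then track the resulting length change. The addresses, ports and function names are constructed for illustration, and packets are modelled as plain dictionaries rather than real IPv4/TCP frames.

```python
import ipaddress
import re

PORT_RE = re.compile(rb"^PORT (\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\r\n$")

def parse_port(line):
    """Return (ip, port) embedded in an FTP PORT command (RFC 959)."""
    m = PORT_RE.match(line)
    if not m:
        raise ValueError("not a PORT command")
    n = [int(x) for x in m.groups()]
    if any(v > 255 for v in n):
        raise ValueError("field out of range")
    return ipaddress.IPv4Address(bytes(n[:4])), n[4] * 256 + n[5]

def build_port(ip, port):
    """Encode an address and port as the six comma-separated PORT fields."""
    fields = list(ip.packed) + [port >> 8, port & 0xFF]
    return b"PORT " + b",".join(str(f).encode() for f in fields) + b"\r\n"

def header_only_nat(packet, public_ip):
    """NAT that rewrites only the IPv4 source address; payload untouched."""
    return {**packet, "src": public_ip}

def payload_aware_nat(packet, public_ip, public_port):
    """NAT with FTP-specific logic: also rewrites the address in the payload.
    Returns the packet and the payload length change, which the device must
    apply to TCP sequence/ack numbers for the rest of the connection."""
    new_payload = build_port(public_ip, public_port)
    delta = len(new_payload) - len(packet["payload"])
    return {**packet, "src": public_ip, "payload": new_payload}, delta

def payload_matches_header(packet):
    """True if the address the server is told to dial equals the packet source."""
    ip, _ = parse_port(packet["payload"])
    return ip == packet["src"]

# Constructed sample: private client behind a NAT with a documentation-range address.
INSIDE = ipaddress.IPv4Address("192.168.1.10")
PUBLIC = ipaddress.IPv4Address("203.0.113.5")
ORIGINAL = {"src": INSIDE, "payload": build_port(INSIDE, 50000)}

if __name__ == "__main__":
    broken = header_only_nat(ORIGINAL, PUBLIC)
    fixed, delta = payload_aware_nat(ORIGINAL, PUBLIC, 61000)
    print(payload_matches_header(broken), parse_port(broken["payload"]))
    print(payload_matches_header(fixed), parse_port(fixed["payload"]), delta)
```

The non-zero length delta is why payload rewriting needs protocol-specific code in the NAT device for every such protocol, which is the firmware-upgrade burden described above.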