One of the biggest problems with NAT is that individual systems no longer have a unique identifier on the public side of the gateway. This poses considerable problems when it comes to network abuse, such as security incidents or copyright violations, as there is no longer any means of isolating a particular host at the level of the backbone network, nor can OUCS's central logs identify the individual host concerned.
The requirement for traceability is described in detail within the OxCERT documentation on Logging of network usage, and has a section on NAT. Please read this and ensure that you are able to comply with OxCERT's expectations. Bear in mind that even if you are logging all necessary information, OxCERT will in general have no immediate access to your logs or to any means of restricting network access for an individual system within your network. Severe threats may require immediate action, including a complete IP block against your NAT gateway. Also worth bearing in mind is the type of NAT traversal i.e. "cone" or "symmetric" NAT as defined in RFC3489. Use of "cone" NAT traversal could adversley affect traceability on busy networks as inbound traffic may be incorrectly associated with a given internal host.
To avoid your NAT gateway being mistaken for a standard host, OUCS strongly
recommend that you give it a distinctive name in the DNS, for example
student-nat.unit.ox.ac.uk. High traffic levels or usage patterns
which would be abnormal for a single host might reasonably be expected of
NAT gateways. In the past, the lack of distinct labelling has caused blocks
to be placed NAT gateways as a result of relatively mild security problems
or copyright infringements. This may be standard practice for a single
host, but where there may be considerable collateral damage against
unaffected hosts, this will be taken into account before imposing a block
against a NAT gateway. Immediate blocks against known NAT gateways will
only be imposed in those cases where the immediate risks to others outweighs
the disruption caused by cutting off network access to all hosts behind