Firewall Wizards mailing list archives
Re: NAT for public IPs
From: "Randy Grimshaw" <rgrimsha () syr edu>
Date: Fri, 28 Jan 2005 12:01:26 -0500
I will chime in here with the implementation that we have done. As a university with high periodic influx of new machines we have defined 2 additional private networks as helper addresses on our routers for each production subnet. Private networks are routable on the LAN but not on the internet. We have additional ACLs in place that fully isolate the private networks save the desired exceptions such as registration and software update servers. To avoid OSPF miscalculations each backbone router uses a different class B network assignment for hosted private networks - these routes are defined statically.

DHCP assigns clients to one of the 2 private networks for unregistered and quarantined systems respectively. In the case of Windows OS the registration is performed by software distributed on CD that pre-scans the machines. As part of the IP management system, router ARP histories are collected hourly, which among other things tells us when someone is accessing the network improperly.

It is not quite in the class of Bradford software CAT or Northwestern/UB NetPass but we cannot yet support VLANs to the desktop enterprise wide. This could also be expanded to wireless if we wanted to.

<><Randy
<><Randall Grimshaw
Room 203 Machinery Hall
Syracuse University
Syracuse, NY 13244
315-443-5779
rgrimsha () syr edu

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
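
The hourly ARP-history check mentioned in the message above, sketched as an added example that is not part of the original post or the poster's own tooling: it flags MAC addresses seen holding a production address without being registered. The subnets, the registry contents, the snapshot format and the function name are all constructed assumptions.

```python
import ipaddress

# Constructed addressing plan (assumption, not from the post): one production
# subnet and its two private helper networks on the same router interface.
PRODUCTION = ipaddress.ip_network("192.0.2.0/24")
UNREGISTERED = ipaddress.ip_network("172.16.2.0/24")
QUARANTINE = ipaddress.ip_network("172.17.2.0/24")

# Constructed registration database: MAC -> state. Unknown MACs are unregistered.
REGISTRY = {
    "00:11:22:33:44:01": "registered",
    "00:11:22:33:44:02": "quarantined",
}

# Constructed hourly ARP snapshots: (collection hour, IP, MAC).
ARP_HISTORY = [
    ("2005-01-28T09:00", "192.0.2.10", "00:11:22:33:44:01"),   # registered host
    ("2005-01-28T09:00", "172.17.2.15", "00:11:22:33:44:02"),  # quarantined, in place
    ("2005-01-28T10:00", "192.0.2.77", "00:11:22:33:44:03"),   # never registered
    ("2005-01-28T10:00", "192.0.2.78", "00:11:22:33:44:02"),   # left quarantine
    ("2005-01-28T10:00", "172.16.2.30", "00:11:22:33:44:04"),  # new, awaiting registration
    ("2005-01-28T11:00", "192.0.2.77", "00:11:22:33:44:03"),   # repeat sighting
]

def find_improper_access(history):
    """Return one finding per (MAC, IP) that sat on a production address
    although DHCP would have placed that MAC on a private helper network."""
    findings = {}
    for hour, ip, mac in history:
        mac = mac.lower()
        state = REGISTRY.get(mac, "unregistered")
        if ipaddress.ip_address(ip) not in PRODUCTION or state == "registered":
            continue
        expected = QUARANTINE if state == "quarantined" else UNREGISTERED
        entry = findings.setdefault(
            (mac, ip),
            {"mac": mac, "ip": ip, "state": state, "expected": str(expected),
             "first_seen": hour, "sightings": 0},
        )
        entry["sightings"] += 1  # count every hourly snapshot that shows the pair
    return list(findings.values())

if __name__ == "__main__":
    for finding in find_improper_access(ARP_HISTORY):
        print(finding)
```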