Firewall Wizards mailing list archives

Re: NAT for public IPs


From: "Paul D. Robertson" <paul () compuwar net>
Date: Fri, 28 Jan 2005 09:52:37 -0500 (EST)

On Thu, 27 Jan 2005, Jose Hidalgo Herrera wrote:

> Hi,
> I'd like to know the advantages of having publicly available services
> like http and ftp (that can have public IPs) behind NAT in a DMZ with
> private IPs.

If you can't subnet, it makes it easier on your brain to use different
networks.  There are lots of people who can't subnet.  If you don't have
enough IP addresses, then PAT might help some.  Assuming you have adequate
addressing and know how to use it, there's no real advantage to NAT.


> Example:
>
> Common scenario:
> internet -> firewalls -> [servers with public services using public ips]
>
> NAT scenario:
> internet -> firewalls -> NAT gateway -> [servers with public services
> using private ips]

Actually, it's more common that the firewall does the NAT.

There's no real advantage to it- some folks feel "safer" if everything
isn't immediately routable, but you can do that with host instead of
network based routing if you're that concerned about it.

Paul
-----------------------------------------------------------------------------
Paul D. Robertson      "My statements in this message are personal opinions
paul () compuwar net       which may have no basis whatsoever in fact."