Firewall Wizards mailing list archives
Re: NAT for public IPs
From: "Paul D. Robertson" <paul () compuwar net>
Date: Fri, 28 Jan 2005 09:52:37 -0500 (EST)
On Thu, 27 Jan 2005, Jose Hidalgo Herrera wrote:
> Hi, I'd like to know the advantages of having publicly available services like http and ftp (that can have public IPs) behind NAT in a DMZ with private IPs.
If you can't subnet, it makes it easier on your brain to use different networks. There are lots of people who can't subnet. If you don't have enough IP addresses, then PAT might help some. Assuming you have adequate addressing and know how to use it, there's no real advantage to NAT.
> Example:
> Common scenario:
> internet -> firewalls -> [servers with public services using public ips]
> NAT scenario:
> internet -> firewalls -> NAT gateway -> [servers with public services using private ips]
Actually, it's more common that the firewall does the NAT. There's no real advantage to it - some folks feel "safer" if everything isn't immediately routable, but you can do that with host instead of network based routing if you're that concerned about it.

Paul
-----------------------------------------------------------------------------
Paul D. Robertson      "My statements in this message are personal opinions
paul () compuwar net       which may have no basis whatsoever in fact."
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards