Firewall Wizards mailing list archives
Re: NAT for public IPs
From: Kevin <kkadow () gmail com>
Date: Fri, 28 Jan 2005 09:58:42 -0600
On Thu, 27 Jan 2005 11:23:17 -0600, Jose Hidalgo Herrera <jose () hostarica com> wrote:
I'd like to know the advantages of having publicly available services like http and ftp (that can have public IPs) behind NAT in a DMZ with private IPs. Example:

Common scenario: internet -> firewalls -> [servers with public services using public ips]
NAT scenario: internet -> firewalls -> NAT gateway -> [servers with public services using private ips]
NAT adds flexibility. For example, one public IP address might actually be directed to a load-balanced pool of servers; the load-balancer does the NAT and knows about all of the available private IPs. Or you could redirect different services for that one public IP to different servers; the IP address of "example.com" on port 80 might go to the web server(s), while connections on port 25 would go to a mail server, etc.

There are drawbacks -- some server software and some scripting backends will try to rewrite URLs with what the app thinks is the "real" IP of the server, or will otherwise reveal the private addressing. Protocols like FTP and IPSEC add complexity to NAT.
Sorry if this is a dummy question.
Actually, a good question.

Kevin
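The drawback mentioned in the reply above, a backend behind NAT revealing its private addressing in rewritten URLs, can be checked from outside the gateway. The following is an added example, not part of the original message; the sample response, its addresses and the function names are constructed for illustration.

```python
import ipaddress
import re

# Candidate dotted quads; each match is validated with ipaddress below.
IPV4_RE = re.compile(r"(?<![\d.])(\d{1,3}(?:\.\d{1,3}){3})(?![\d.])")

# RFC 1918 ranges: the private addressing the NAT gateway is meant to hide.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def _private_addrs(text):
    """Return the distinct RFC 1918 addresses in text, in order of appearance."""
    found = []
    for match in IPV4_RE.finditer(text):
        try:
            addr = ipaddress.ip_address(match.group(1))
        except ValueError:
            continue  # not a valid address, e.g. 999.1.1.1
        if any(addr in net for net in RFC1918) and str(addr) not in found:
            found.append(str(addr))
    return found


def find_private_leaks(raw_response):
    """Return (where, address) pairs for private addresses in a raw HTTP
    response; where is the lowercased header name, or 'body'."""
    head, _, body = raw_response.partition("\r\n\r\n")
    leaks = []
    for line in head.split("\r\n")[1:]:  # skip the status line
        name, sep, value = line.partition(":")
        if sep:
            leaks += [(name.strip().lower(), a) for a in _private_addrs(value)]
    leaks += [("body", a) for a in _private_addrs(body)]
    return leaks


# Constructed sample: a redirect and a link built from the server's own
# (private) address instead of the public name clients connected to.
SAMPLE = (
    "HTTP/1.1 302 Found\r\n"
    "Server: ExampleHTTPd/1.3.33\r\n"
    "Location: http://10.1.2.15/app/login\r\n"
    "Content-Type: text/html\r\n"
    "\r\n"
    '<a href="http://192.168.40.7:8080/img/logo.png">logo</a> '
    '<a href="http://203.0.113.10/help">help</a>'
)

if __name__ == "__main__":
    for where, addr in find_private_leaks(SAMPLE):
        print(f"private address {addr} exposed in {where}")
```

Run against responses captured on the public side of the NAT; any hit means the application is building URLs from its own address and needs its public hostname configured.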