Firewall Wizards mailing list archives
Re: Internet accessible screened subnet - use public orprivate IPs?
From: "Marcus J. Ranum" <mjr () ranum com>
Date: Mon, 25 Jul 2005 21:40:57 -0400
Victor Williams wrote:
The whole reason NAT was implemented was because of a very finite (and quickly running out supply, dependending on who you ask) number of publicly routable IP addresses.
Actually, it wasn't. That was something on the horizon, but at the time when we first started selling firewalls IP addresses were still fairly easy to get. The first firewalls I built offered NAT (inherent in the design and then later via "Proxy transparency" in Gauntlet) because a lot of the early firewall customers had IP address ranges that they had picked out of a hat. Only a very few sophisticated customers had internal routing. A lot of Sun customers were using Sun's address range because that's what SunOS' install offered as a default suggestion. So, you have a FORTUNE-big firm that just plunked down $75,000 for an Internet gateway. Your choice is: re-address their network or NAT their traffic. Hmmmm... Let me think about that... It also didn't hurt that back in those days most customers actually were more concerned with security than they are now. So, when you explained to them that there was no IP routed between their network and the Internet, and that the firewall represented a controlled topological gateway between 2 incompatible networks, they "got it." Of course most of those old-school security admins have long since been overruled, outmaneuvered, and moved into other chains of command so that they no longer Impede Progress. mjr. _______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- Re: Internet accessible screened subnet - use public orprivate IPs?, (continued)
- Re: Internet accessible screened subnet - use public orprivate IPs? David Lang (Jul 22)
- Re: Internet accessible screened subnet - use public orprivate IPs? Victor Williams (Jul 25)
- Re: Internet accessible screened subnet - use public orprivateIPs? David Lang (Jul 25)
- Re: Internet accessible screened subnet - use public orprivateIPs? Victor Williams (Jul 25)
- RE: Internet accessible screened subnet - use public orprivateIPs? lordchariot (Jul 25)
- RE: Internet accessible screened subnet - use public orprivateIPs? Marcus J. Ranum (Jul 26)
- RE: Internet accessible screened subnet - use public orprivateIPs? R. DuFresne (Jul 27)
- RE: Internet accessible screened subnet - use public orprivateIPs? Luis Bruno (Jul 30)
- RE: Internet accessible screened subnet - use public orprivateIPs? Paul D. Robertson (Jul 30)
- Re: Internet accessible screened subnet - use public orprivateIPs? Dale W. Carder (Jul 30)
- Re: Internet accessible screened subnet - use public orprivate IPs? Marcus J. Ranum (Jul 26)
- RE: Internet accessible screened subnet - use public or private IPs? Sanford Reed (Jul 25)