Firewall Wizards mailing list archives
RE: the infamous "static" versus "nat"
From: "Bruce Smith" <bruce_the_loon () worldonline co za>
Date: Sun, 9 Apr 2006 15:25:15 +0200
Hi

The single biggest difference I've found between doing using static and nat is that nat allocates the translation from the bottom of the subnet up, while a static across a subnet maps directly.

NAT -
10.1.1.0 -> 10.1.1.0 (in order of access)
10.1.1.1 -> 10.1.1.1
10.1.1.23 -> 10.1.1.2
10.1.1.109 -> 10.1.1.1.3
10.1.1.2 -> 10.1.1.4

Static
10.1.1.0 -> 10.1.1.0 (in order of access)
10.1.1.1 -> 10.1.1.1
10.1.1.23 -> 10.1.1.23
10.1.1.109 -> 10.1.1.1.109
10.1.1.2 -> 10.1.1.2

Beyond that, we tend to use statics from outside to dmz/inside and where we need a direct IP to IP for DNS/WINS based back-connects. Otherwise we use NAT as it is easier to maintain.

Regards,
Bruce Smith

-----Original Message-----
From: firewall-wizards-admin () honor icsalabs com [mailto:firewall-wizards-admin () honor icsalabs com] On Behalf Of Vahid Pazirandeh
Sent: Wednesday, April 05, 2006 8:02 PM
To: firewall-wizards () honor icsalabs com
Subject: [fw-wiz] the infamous "static" versus "nat"

Hi All. Great mail list btw, thanks to everyone's input.

Two basic questions.

1. I've heard the convention of using "static" for low-to-high NATing and "nat/global" for high-to-low. Why?

2. Would someone explain the underlying differences in these two commands? Do they achieve the same thing? Assume net1 = 10.1.1.0/24, net2 = 10.2.2.0/24.

A. static (net1, net2) 10.1.1.0 10.1.1.0 netmask 255.255.255.0
B. static (net2, net1) 10.2.2.0 10.2.2.0 netmask 255.255.255.0

Cheers!

=============================================
"Make it better before you make it faster."
=============================================

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
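
The allocation behaviour described in the message above, modelled as an added Python example (not part of the original post and not firewall vendor code). The names DynamicNat, static_translate and compare are hypothetical; the pool is assumed to be the whole 10.1.1.0/24 starting at the network address, as in the listing, and the access order is taken from the post.

```python
import ipaddress


class DynamicNat:
    """Pool NAT model: each new real address gets the lowest free pool address."""

    def __init__(self, pool_cidr):
        self._free = iter(ipaddress.ip_network(pool_cidr))  # bottom of the subnet up
        self.xlate = {}  # real -> mapped, filled in order of first access

    def translate(self, real):
        real = ipaddress.ip_address(real)
        if real not in self.xlate:
            try:
                self.xlate[real] = next(self._free)
            except StopIteration:
                raise RuntimeError("NAT pool exhausted") from None
        return self.xlate[real]

    def reverse(self, mapped):
        """Map a translated address back to the real host; only the table knows."""
        mapped = ipaddress.ip_address(mapped)
        return next((r for r, m in self.xlate.items() if m == mapped), None)


def static_translate(real, real_cidr, mapped_cidr):
    """Net-to-net static model: the host offset is preserved, no state is kept."""
    real = ipaddress.ip_address(real)
    src = ipaddress.ip_network(real_cidr)
    dst = ipaddress.ip_network(mapped_cidr)
    if src.prefixlen != dst.prefixlen:
        raise ValueError("a net-to-net static needs equal masks on both sides")
    if real not in src:
        raise ValueError(f"{real} is not inside {src}")
    return dst.network_address + (int(real) - int(src.network_address))


def compare(access_order, cidr="10.1.1.0/24"):
    """Return (real, dynamic mapping, static mapping) for hosts in access order."""
    nat = DynamicNat(cidr)
    return [(h, str(nat.translate(h)), str(static_translate(h, cidr, cidr)))
            for h in access_order]


if __name__ == "__main__":
    order = ["10.1.1.0", "10.1.1.1", "10.1.1.23", "10.1.1.109", "10.1.1.2"]
    for real, dyn, sta in compare(order):
        print(f"{real:<12} nat -> {dyn:<12} static -> {sta}")
```

With the dynamic model, the same real host can land on a different mapped address after the table is cleared, so attributing a translated address seen in a log back to a host needs the translation table from that moment; the static mapping can be recomputed from the address alone.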
Current thread:
- the infamous "static" versus "nat" Vahid Pazirandeh (Apr 07)
- Re: the infamous "static" versus "nat" Avishai Wool (Apr 09)
- RE: the infamous "static" versus "nat" Bruce Smith (Apr 09)