nanog mailing list archives
Re: Security gain from NAT
From: Donald Stahl <don () calis blacksun org>
Date: Tue, 5 Jun 2007 20:10:59 -0400 (EDT)
Have at it. Nothing like trying to reach 10.10.10.10 nad having to put in a dns entry pointing to 172.29.10.10, NAT'ing the address on your side to their side and from their side back to your side, and adding the rules. That's definitely simpler than allow a -> b for service c.Sure, very easily, by using NAT between the subnets.
Easily map them? Sure- I can do my external tcpdump, see some funny traffic, then match that up with the dynamic nat's. That's a lot easier than just going "oh, hey, it's this user" without any further steps.Can you clarify this claim? What about managing NAT is allegedly difficult. Are you unable to easily map public addresses with private addresses on your own networks?
I, for one, give up. No matter what you say I will never implement NAT, and you may or may not implement it if people make boxes that support it. Clearly neither of us will change our minds so why bother. I'm sure we've both gotten supportive emails in private and both know we are "right." In the end it isn't going to change a thing.
-Don
Current thread:
- Re: Security gain from NAT Roger Marquis (Jun 04)
- Re: Security gain from NAT Donald Stahl (Jun 04)
- Re: Security gain from NAT brett watson (Jun 04)
- <Possible follow-ups>
- Re: Security gain from NAT Roger Marquis (Jun 05)
- Re: Security gain from NAT Donald Stahl (Jun 05)
- Re: Security gain from NAT Donald Stahl (Jun 05)
- Re: Security gain from NAT Roger Marquis (Jun 05)
- Re: Security gain from NAT Valdis . Kletnieks (Jun 05)
- Re: Security gain from NAT Roger Marquis (Jun 05)
- Re: Security gain from NAT Bill Stewart (Jun 06)
- Re: Security gain from NAT Nathan Ward (Jun 06)
- Re: Security gain from NAT Donald Stahl (Jun 05)
- Re: Security gain from NAT Stephen Sprunk (Jun 06)
- Re: Security gain from NAT David Conrad (Jun 06)
- Re: Security gain from NAT Mark Smith (Jun 06)
- Dead Thread (Re: Security gain from NAT) alex (Jun 06)
- Re: Security gain from NAT Donald Stahl (Jun 04)