nanog mailing list archives

Re: Arguing against using public IP space


From: Leigh Porter <leigh.porter () ukbroadband com>
Date: Tue, 15 Nov 2011 10:57:32 +0000



On 14 Nov 2011, at 18:52, "McCall, Gabriel" <Gabriel.McCall () thyssenkrupp com> wrote:

Chuck, you're right that this should not happen- but the reason it should not happen is because you have a properly 
functioning stateful firewall, not because you're using NAT. If your firewall is working properly, then having public 
addresses behind it is no less secure than private. And if your firewall is not working properly, then having private 
addresses behind it is no more secure than public. In either case, NAT gains you nothing over what you'd have with a 
firewalled public-address subnet.


Well, this is not quite true, is it? If your firewall is not working and you have private space internally then you are 
a lot better off than if you have public space internally! So if your firewall is not working then having private space 
on one side is a hell of a lot more secure!

As somebody else mentioned on this thread, a NAT box with private space on one side fails closed.

--
Leigh

