Re: NAT external/Public IP

["Brett" <dashnu.mutt () gmail com>]

I have 6 external ip addys in my prerouting tables sent inside to rcf 
addresses for services such as smtp imaps http shh.. The question my be 
better answered buy telling us the services you plan to open on these 
machines. Prerouting IMHO is not unsecure.

-b

--------------------------------------------------
From: "Jason Alexander" <jalexander () plus net>
Sent: Thursday, October 25, 2007 11:28 AM
To: <security-basics () securityfocus com>
Subject: RE: NAT external/Public IP

> If its not a security risk then why is it a PCI requirement?
>
> -----Original Message-----
> From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] 
> On Behalf Of Ansgar -59cobalt- Wiechers
> Sent: 25 October 2007 15:49
> To: security-basics () securityfocus com
> Subject: Re: NAT external/Public IP
>
> On 2007-10-25 crazy frog crazy frog wrote:
> > On 24 Oct 2007 15:46:21 -0000, smarts_buy () yahoo com wrote:
> > > Would like know is ther any security concern to bring in
> > > external/public IP with out NAT to inside of the enterprise network.
> > > Is it any way more secure if we use NAT?
> [...]
> > 2)If you allow lots of machine to direct access the internet with
> > external ip they may pose a security risk.
>
> How would that pose a risk that would not exist with NAT'ed machines?
>
> Regards
> Ansgar Wiechers
> --
> "All vulnerabilities deserve a public fear period prior to patches 
> becoming available."
> --Jason Coombs on Bugtraq