Firewall Wizards mailing list archives

Re: Internet accessible screened subnet - use public or private IPs?


From: Victor Williams <vbwilliams () neb rr com>
Date: Fri, 22 Jul 2005 22:33:50 -0500

I've seen the interesting issues as well. But in 90+% of the networks I deal with, I don't find those issues. It's only when the admin I'm working with and I have 20 services in the DMZ that need to be provided publicly, but their ISP has only given them a /29 subnet to use, that my head starts to hurt.

My overall point was, if you have the $ for IP addresses or already have them, it's discretionary...it's up to you to use NAT or not. If you don't have the IP addresses to spare, then sometimes you have to get creative. I guess I didn't see the issue as more/less work, or routing/not routing if you knew what you were doing...it just becomes preference of implementation at that point.

However, for a DMZ (the question that was asked) you are typically providing service to the Internet, and for that you run into a bunch of very interesting issues if you try to use NAT to reduce the number of IP addresses you use.

David Lang