Re: ARIN?

[Mike Pistone <pistone () eurekanet com>]

Although I am almost NEVER one to recommend a Microsoft product BUT MS
Proxy server is actually a very nice product. You can assign a /29 or /30
(I usually give them a /29 since I assign /29's to home dsl connections and
I have the network already subnetted).  On the other side of the proxy you
can use private IP's and it will do the translation automaticly or you can
use IPX/SPX and it will automaticly function as a IPX to IP gateway.  I
don't think there is a proxy client for Unix (any flavor of unix) but they
do have W95/98, W31 and mac.

My only concerns would be how it would scale to large networks.  It has the
ability to function as a daisy-chained proxy server farm where each one
shares the load but I don't have any experience with this setup.

It also has access control (user a can only browse these web sites, user B
can only telnet and ftp, no web...) and very detailed logging of users
traffic.  Both of these features I find sort of "unethical" (wrong word but
you know what I mean) but in a corporate enviroment they require them.


-Mike




At 03:35 PM 11/10/98 -0500, you wrote:
> Thus spake Owen DeLong
> > I think this misses the point.  ARIN doesn't require or want you to SWIP
> > your /30 and /32 allocations.  A network that small just doesn't require
> > that level of public contact visibility.  
>
> I think you missed his point though....with NAT/PAT technology.../30 and
> /32's from ISP's can indeed provide a whole corporate network with
> access (small corporate...not exactly Fortune 500 here, but you get the
> idea)...I second his point on this.  We've got quite a few customers
> that are feeding whole networks with /32's...even providing web servers
> and mail servers via these NAT/PAT boxes that are available now.  Just
> stating that the network only has one or two Internet available IP
> addresses and therefore its too small to be of significance is
> short-sighted at best.  Many of these /32's for us have their own web
> administration, mail administration, and other local administration of
> many of their services.  They use a single IP as almost an inherent
> firewall.  Indeed, I have one customer that uses one of the NAT/PAT
> boxes to actually not have IP on their internal network at *ALL*.  The
> box converts the TCP/IP to IPX/SPX...bizarre, but it works well for
> them.  Anyway, they run their own mail server on this setup, and we do
> very little administrative functioning for them...DNS is it in this
> case.
>
> > As you've pointed out, you'll
> > be doing most of the things that matter (from a contact perspective)
> > for those customers.  As such, it makes sense to use your larger block
> > contact information instead of SWIPing such small networks.  In fact,
> > I'd rather see ARIN move the SWIP requirement back to /26 or so.
>
> Put my vote in for allowing up to /32's.
> -- 
> Jeff McAdams                            Email: jeffm () iglou com
> Head Network Administrator              Voice: (502) 966-3848
> IgLou Internet Services                        (800) 436-4456
-------------------------------------------------------------
Mike Pistone                            pistone () eurekanet com
Systems/Network Administrator                 ph 614.593-5052
Eureka Networks, Ltd.                         fx 614.594-3632