nanog mailing list archives
Re: Security gain from NAT
From: Roger Marquis <marquis () roble com>
Date: Tue, 5 Jun 2007 17:44:40 -0700 (PDT)
Sure, very easily, by using NAT between the subnets.Have at it. Nothing like trying to reach 10.10.10.10 nad having to put in a dns entry pointing to 172.29.10.10
End-users prefer hostnames to IPs. DNS hostnames are valid on both sides due to either local zone files or a DNS protocol-NAT. It's a no-brainer to implement and a lot easier than using public address space given the relatively complex firewalling and filtering that requires.
NAT'ing the address on your side to their side and from their side back to your side, and adding the rules. That's definitely simpler than allow a -> b for service c.
Not simpler than running something like "fixup protocol dns" on a VPN termination.
I, for one, give up. No matter what you say I will never implement NAT, and you may or may not implement it if people make boxes that support it.
Most of the rest of us will continue to listen to both sides and continue to prefer NAT, in no small part because of the absurd examples and inconsistent terminology NATophobes seem to feel is necessary to make their case. -- Roger Marquis Roble Systems Consulting http://www.roble.com/
Current thread:
- Re: Security gain from NAT Roger Marquis (Jun 04)
- Re: Security gain from NAT Donald Stahl (Jun 04)
- Re: Security gain from NAT brett watson (Jun 04)
- <Possible follow-ups>
- Re: Security gain from NAT Roger Marquis (Jun 05)
- Re: Security gain from NAT Donald Stahl (Jun 05)
- Re: Security gain from NAT Donald Stahl (Jun 05)
- Re: Security gain from NAT Roger Marquis (Jun 05)
- Re: Security gain from NAT Valdis . Kletnieks (Jun 05)
- Re: Security gain from NAT Roger Marquis (Jun 05)
- Re: Security gain from NAT Bill Stewart (Jun 06)
- Re: Security gain from NAT Nathan Ward (Jun 06)
- Re: Security gain from NAT Donald Stahl (Jun 05)
- Re: Security gain from NAT Stephen Sprunk (Jun 06)
- Re: Security gain from NAT David Conrad (Jun 06)
- Re: Security gain from NAT Mark Smith (Jun 06)
- Dead Thread (Re: Security gain from NAT) alex (Jun 06)
- Re: Security gain from NAT Donald Stahl (Jun 04)
- Re: Security gain from NAT Nathan Ward (Jun 06)