nanog mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Is NAT can provide some kind of protection?

From: Michel de Nostredame <d.nostra () gmail com>
Date: Wed, 12 Jan 2011 11:33:23 -0800
On Wed, Mar 21, 2007 at 2:41 AM, Tarig Ahmed <tariq198487 () hotmail com> wrote:

We have wide range of Public IP addresses, I tried to assign public ip
directly to a server behined firewall( in DMZ), but I have been resisted.
Security guy told me is not correct to assign public ip to a server, it
should have private ip for security reasons.

Is it true that NAT can provide more security?

Thanks,

Tarig Yassin Ahmed


I assume you are talking about the protection to the current running
"public facing" servers, hence the NAT could not provide more
protection to them compares to a proper configed firewall.

However, for a small business who does not have its own ASN & Provider
Independent IP block(s), a NAT (NAT44 and NAT66) could provide lots of
protection on IT resources when there is a need to install multiple
Internet access lines for providing quickly failover (manual or
automatic, doesn't matter) and/or load-sharing capability to end
users.

--
Michel~
Previous By Date Next
Previous By Thread Next

Current thread: