RE: [fw-wiz] Stats on how common NAT is?

From: Bill Royds (broyds@rogers.com)
Date: 12/14/02 

From: "Bill Royds" <broyds@rogers.com>
To: "Michael Still" <mikal@stillhq.com>
Date: Sat Dec 14 20:48:01 2002

I would suggest is ubiquitous in corporate LANS. I work with a place that has its own class B and it still uses NAT between the Internet and internal network. We run the class B on the internal network because it was installed long before there was a need for firewalls other than ACLS. But the present firewall does a NAT on every connection between external Internet address and our class B address space. This does help in VPN but it wouldn't help using DCOM. DCOM should only be used on a LAN/private WAN anyway because of its insecurity, so it seldom causes much problems. port 135 RFC calls are unlikely ever to be allowed past a firewall, so DCOM can't be used on the Internet anyway.
 
So even if the network can have its own Internet address space (not the private RFC1918 addresses), it is likely to NAT all addresses that go past the firewall.

-----Original Message-----
From: firewall-wizards-admin@honor.icsalabs.com
[mailto:firewall-wizards-admin@honor.icsalabs.com]On Behalf Of Michael
Still
Sent: Sat December 14 2002 18:36
To: fw-wiz
Subject: [fw-wiz] Stats on how common NAT is?

Hello.

I work as a software developer, and there has been some discussion at work
as to how common NAT is in corporate environments (this affects whether we
use DCOM or not).

Does anyone have any pointers on how common NAT in corporate environments
is? Why are these people using NAT, is it solely the expense of real IPs,
or is it also for the added security?

Thanks,
Mikal 

-- 
Michael Still (mikal@stillhq.com) | Stage 1: Steal underpants
http://www.stillhq.com            | Stage 2: ????
UTC + 11                          | Stage 3: Profit
_______________________________________________
firewall-wizards mailing list
firewall-wizards@honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

Relevant Pages

  • Re: NAT without DHCP? (w2k3)
    ... How I can troubleshoot the problem and see why ip packets from the private ... DNS works perfectly fine but nothing else. ... How does your server connect to the Internet? ... I also enabled NAT tracing - may be this can help? ...
    (microsoft.public.windows.server.networking)
  • Re: NAT without DHCP? (w2k3)
    ... is that dialog to configure address pool for the private network? ... (Just to add to the confusion there is another pool of addresses in RRAS ... If you want to use it, you configure a pool of IP addresses for NAT ... is enabled on the public interface of the RRAS server already. ...
    (microsoft.public.windows.server.networking)
  • Re: NAT and RDP ?
    ... NAT device from a Client on the private side of the LAN. ... If the Resource is bound only to the Public IP# of the Server (like IIS can do ...
    (microsoft.public.windows.server.networking)
  • Re: RRAS Win2003: Cannot reach public IP reserved hosts behind our NAT
    ... From within our intranet we can access the machines by> their private addresses just fine, as these packets are not> routed to our RRAS box. ... The role of the IP# in Ethernet is only to provide a Layer3 routing> mechanism and to provide a means to resolve the MAC address. ... The> reason intranet host must use the private addresses to access the servers is> because NAT can't make "u-turns". ... When you send a packet to the external> IP# the "NAT" process takes it and creates a situation where the source and> destination MAC addresses in the packet headers are the same address. ...
    (microsoft.public.windows.server.networking)
  • Re: NAT without DHCP? (w2k3)
    ... My guess is that you have not configured the public interface correctly. ... How does your server connect to the Internet? ... set to the private address of the NAT machine? ...
    (microsoft.public.windows.server.networking)