Re: [fw-wiz] Internet accessible screened subnet - use public or private IPs?

From: Victor Williams (vbwilliams_at_neb.rr.com)
Date: 07/23/05

    To: David Lang <david.lang@digitalinsight.com>
    Date: Fri, 22 Jul 2005 22:33:50 -0500
    
    

    I've seen the interesting issues as well. But in 90+% of the networks I
    deal with, I don't find those issues. It's only when myself and the
    admin I'm working with have 20 services in the DMZ that need to be
    provided publicly, but their ISP has only given them a /29 subnet to use,
    that my head starts to hurt.

    My overall point was, if you have the $ for IP addresses or already have
    them, it's discretionary...it's up to you to use NAT or not. If you
    don't have the IP addresses to spare, then sometimes you have to get
    creative. I guess I didn't see the issue as more/less work, or
    routing/not routing if you knew what you were doing...it just becomes
    preference of implementation at that point.

    > however, for a DMZ (the question that was asked) you are typically
    > providing service to the Internet, and for that you run into a bunch of
    > very interesting issues if you try to use NAT to reduce the number of IP
    > addresses you use.
    >
    > David Lang

