Slightly OT: How common is NAT?
Anthony David
adavid at adavid.com.au
Sat Dec 14 11:08:46 EST 2002
Michael Still <mikal at stillhq.com> writes:
> Hello.
>
> I have been asked at work how common NAT'ed corporate networks are. My gut
> feeling is very, for a couple of reasons:
>
> - all the corporate networks I have seen are like that
> - no one can afford mounds of real IPs
> - it's more "secure"
>
> Does anyone know of any research / references which will either backup my
> statement, or prove me wrong?
A few anecdotal experiences.
One Govt Department allocated a bunch of different routable subnets
in their LAN. They use NAT and Firewalls to manage Internet and non-Internet
Traffic. These aren't even their own addresses! Messy. Interestingly,
one Dept in the late '80s went IP and assigned routable addresses by the
same method. I expressed my reservations and they said it was too hard
to change. 6 months later they changed, thankfully.
One Govt Agency got a B class allocated (they have about 400-600 IPs in
use). They use it for both LAN and Internet addressing and use Firewalling
to manage Internet traffic. Messy.
A number of Govt Departments use Private Addressing for their LAN and
routable addresses for Internet hosts. Much less hassle than
the above. Too many B-class locked up though in general.
IMHO, NAT is something you do as a last resort. Trouble-shooting
is especially exciting when one side refers to an IP and the other side
has a different number.
Interesting that DSD EPL's the CISCO PIX without NAT when the main
feature of the PIX is NAT.
--
Anthony David
Gambling(n): A discretionary tax on those asleep during high school maths
http://adavid.com.au/
0xA72CE1ED fingerprint = EA1E C69E FE59 BBE1 AA4B F354 BD09 9765 A72C E1ED
More information about the linux
mailing list