Slightly OT: How common is NAT?

Alex Satrapa grail at goldweb.com.au
Mon Dec 16 08:59:25 EST 2002


Anthony David wrote:

>One Govt Agency got a B class allocated (they have about 400-600 IPs in
>use). They use it for both LAN and Internet addressing and use Firewalling
>to manage Internet traffic. Messy.
>
And then stated:

>IMHO, NAT is something you do as a last resort. Trouble-shooting
>is especially exciting when one side refers to an IP and the other side
>has a different number.
>
So if one option is to use real IPs, and that's messy, and the last 
resort is to use NAT (which guarantees that your private network 
addresses are unroutable, and therefore to some extent "secure" from 
mess-ups), what's in between?

Protocols that tell the other end what the IP is supposed to be are - in 
my mind at least - somewhat broken. The other end should be able to 
detect the source IP address, since that's included as part of the 
protocol. If you're trying to prevent man-in-the-middle attacks, use 
IPSec to certify that the connection came from someone you trust.

NAT is a great way to give your tens, hundreds or thousands of desktop 
machines access to the Internet without having to allocate each of them 
a real IP address. Using NAT and private addresses means that your 
Windows machines are no longer vulnerable to network-level attacks from 
outside your network.




