Slightly OT: How common is NAT?
grail at goldweb.com.au
Mon Dec 16 08:59:25 EST 2002

Anthony David wrote:

>One Govt Agency got a B class allocated (they have about 400-600 IPs in
>use). They use it for both LAN and Internet addressing and use Firewalling
>to manage Internet traffic. Messy.

And then stated:

>IMHO, NAT is something you do as a last resort. Trouble-shooting
>is especially exciting when one side refers to an IP and the other side
>has a different number.

So if one option is to use real IPs, and that's messy, and the last
resort is to use NAT (which guarantees that your private network
addresses are unroutable, and therefore to some extent "secure" from
mess-ups), what's in between?

Protocols that tell the other end what the IP is supposed to be are - in
my mind at least - somewhat broken. The other end should be able to
detect the source IP address, since that's included as part of the
protocol. If you're trying to prevent man-in-the-middle attacks, use
IPSec to certify that the connection came from someone you trust.

NAT is a great way to give your tens, hundreds or thousands of desktop
machines access to the Internet without having to allocate each of them
a real IP address. Using NAT and private addresses means that your
Windows machines are no longer vulnerable to network level attacks from
outside your network.