[Techtalk] To NAT or not to NAT?
Michelle Murrain
tech at murrain.net
Wed Nov 13 17:14:03 EST 2002
>(this may be a little more than you wanted....)
>
>On Wed, 13 Nov 2002, Michelle Murrain wrote:
><snip>
>>
>> So my questions are as follows:
>>
>> Obviously, I'm going to use NAT for machines in my internal network
>> that aren't servers. But in terms of the servers, what are the real
>> advantages of NAT besides "security by obscurity" which I know isn't
>> sufficient, and, right now isn't necessary, since I'm using IOS
>> access lists as well as ipchains/tables on my servers?
>>
>
>I'd probably put up a DMZ. Instead of reverse NAT-ing back through the
>firewall to publicly available servers, put them out in the publicly
>addressable space, give them a public IP out of your set, and let the ACLs
>on the router take care of only allowing that service to that machine.
<snip>

Thanks much - it isn't too much - very good info.

Truth is, I have 2 measly desktop boxes and a laptop that is
occasionally on, and 5 servers, so a DMZ is overkill, IMHO - too much
time and energy protecting 2 boxes, that are pretty well already
protected. If I had a bigger internal network, then yah, absolutely,
a DMZ makes perfect sense.

Thanks again - this was very helpful!
--
.Michelle
--------------------------
Michelle Murrain, Technology Consulting
tech at murrain.net http://www.murrain.net
413-253-2874 ph
413-222-6350 cell
413-825-0288 fax
AIM:pearlbear0 Y!:pearlbear9 ICQ:129250575
"A vocation is where the world's hunger & your great gladness meet."
Frederick Buechner