[Techtalk] To NAT or not to NAT?

Michelle Murrain tech at murrain.net
Wed Nov 13 17:14:03 EST 2002

>(this may be a little more than you wanted....)
>On Wed, 13 Nov 2002, Michelle Murrain wrote:
>>  So my questions are as follows:
>>  Obviously, I'm going to use NAT for machines in my internal network
>>  that aren't servers. But in terms of the servers, what are the real
>>  advantages of NAT besides "security by obscurity" which I know isn't
>>  sufficient, and, right now isn't necessary, since I'm using IOS
>>  access lists as well as ipchains/tables on my servers?
>I'd probably put up a DMZ.  Instead of reverse NAT-ing back through the
>firewall to publicly available servers, put them out in the publicly
>addressible space, give them a public IP out of your set, and let the ACLs
>on the router take care of only allowing that service to that machine.

Thanks much - it isn't too much - very good info.

Truth is, I have 2 measly desktop boxes and a laptop that is 
occasionally on, and 5 servers, so a DMZ is overkill, IMHO - too much 
time and energy protecting 2 boxes, that are pretty well already 
protected. If I had a bigger internal network, then yah, absolutely, 
a DMZ makes perfect sense.

Thanks again - this was very helpful!

Michelle Murrain, Technology Consulting
tech at murrain.net     http://www.murrain.net
413-253-2874 ph
413-222-6350 cell
413-825-0288 fax
AIM:pearlbear0 Y!:pearlbear9 ICQ:129250575

"A vocation is where the world's hunger & your great gladness meet."  
Frederick Buechner

More information about the Techtalk mailing list