[134866] in North American Network Operators' Group
Re: Is NAT can provide some kind of protection?
daemon@ATHENA.MIT.EDU (Michel de Nostredame)
Wed Jan 12 14:36:14 2011
In-Reply-To: <BLU0-SMTP171FA5EE6F76A7B0191101BBBF10@phx.gbl>
Date: Wed, 12 Jan 2011 11:33:23 -0800
From: Michel de Nostredame <d.nostra@gmail.com>
To: Tarig Ahmed <tariq198487@hotmail.com>
Cc: "nanog@nanog.org list" <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On Wed, Mar 21, 2007 at 2:41 AM, Tarig Ahmed <tariq198487@hotmail.com> wrote:
> We have wide range of Public IP addresses, I tried to assign public ip
> directly to a server behined firewall( in DMZ), but I have been resisted.
> Security guy told me is not correct to assign public ip to a server, it
> should have private ip for security reasons.
>
> Is it true that NAT can provide more security?
>
> Thanks,
>
> Tarig Yassin Ahmed
I assume you are talking about the protection to the current running
"public facing" servers, hence the NAT could not provide more
protection to them compares to a proper configed firewall.
However, for a small business who does not have its own ASN & Provider
Independent IP block(s), a NAT (NAT44 and NAT66) could provide lots of
protection on IT resources when there is a need to install multiple
Internet access lines for providing quickly failover (manual or
automatic, doesn't matter) and/or load-sharing capability to end
users.
--
Michel~
