On Tue, 10 Oct 1995, Andrew Foss wrote:
[Whack]
> Most people who choose to continue to use other peoples addresses, merely
> add static routes to the publicly accessible systems they may need to get to
> in the overlapped address space. You also need to be sure those numbers
> don't occur internally.
> For example 20.0.0.0 belongs to CSC, they have a web site at 20.1.10.127.
> Don't use 20.1.10.127 and provide a static route to that network if you
> really need to contact it!
>
> In fact, many of the Class A owners prefer to dedicate a Class C to their
> public machines anyway!
> Nonetheless, if you have the option 10.0.0.0 is a better choice!
Then what's a NAT for? I can throw static routes at any application
gateway in order to "hide" my internal structure. What does the
one-to-one address mapping provide? I think I read you as saying we should
re-number our internal hosts to get away from (stolen) addresses. I view
the static route solution as an ongoing administrative burden--or more
importantly, that solution makes for poor IS-customer relations! We have
to wait for our internal customers to discover our problem, then it's a
race to see how quickly we can fix that particular instance.
I'm not blasting you for making the above statement; thank you for
clarifying exactly how your product works. Others have responded to my
previous post with programming oriented solutions for determining "port
of origin" and doing address translation accordingly. I'm sure, however, we
will buy a commercial firewall. I'm not opposed to renumbering our
hosts--just need good justification for the poor souls who will have to
actually do the work.
Frank Senter
Senior Information Specialist
Missouri Highway and Transportation Department
P.O. Box 270
Jefferson City MO 65102
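Added example, not code from either poster: the rule in the quoted message (add a host route to each public machine you need in the overlapped block, but only after checking that its number is not in use internally) expressed as a planning check. The internal subnets, the second public host, and the gateway address are constructed; 20.1.10.127 is the host named in the thread.

```python
import ipaddress

# Constructed sample: a site squatting on 20.0.0.0/8 internally.
# Subnets and gateway are invented for this example (TEST-NET-1 gateway);
# 20.1.10.127 is the public host mentioned in the thread.
INTERNAL_SUBNETS = ["20.1.0.0/16", "20.5.0.0/16"]
NEEDED_PUBLIC_HOSTS = ["20.1.10.127", "20.200.3.4"]
UPSTREAM_GATEWAY = "192.0.2.1"


def plan_static_routes(internal_subnets, needed_hosts, gateway):
    """Return (routes, conflicts).

    routes:    per-host routes (classic net-tools syntax) that send
               traffic for a needed public host out via the upstream
               gateway instead of treating it as an internal address.
    conflicts: needed hosts whose address lies inside a subnet used
               internally. A host route there would black-hole whatever
               internal machine holds that number, so the only clean
               fix is renumbering (ideally into 10.0.0.0/8).
    """
    nets = [ipaddress.ip_network(s) for s in internal_subnets]
    routes, conflicts = [], []
    for host in needed_hosts:
        addr = ipaddress.ip_address(host)
        clashes = [str(n) for n in nets if addr in n]
        if clashes:
            conflicts.append((host, clashes))
        else:
            routes.append(f"route add -host {host} gw {gateway}")
    return routes, conflicts


def internal_space_is_private(internal_subnets):
    """True only if every internal subnet is private (RFC 1918) space,
    i.e. the site no longer needs this kind of per-host workaround."""
    return all(ipaddress.ip_network(s).is_private for s in internal_subnets)


if __name__ == "__main__":
    routes, conflicts = plan_static_routes(
        INTERNAL_SUBNETS, NEEDED_PUBLIC_HOSTS, UPSTREAM_GATEWAY)
    for r in routes:
        print(r)
    for host, nets in conflicts:
        print(f"CONFLICT: {host} is inside internal {nets}; renumber")
    print("private space only:", internal_space_is_private(INTERNAL_SUBNETS))
```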