Firewalls: Re: firewall with only one IP address ???

Firewalls
(September 1995)

Indexed By Thread: [Previous] [Next]

Subject:	Re: firewall with only one IP address ???
From:	chk @ psa . pencom . com (Christian Kuhtz)
Date:	Tue, 12 Sep 1995 12:27:35 -0500 (CDT)
To:	dkrapf @ ability . net (Don Krapf)
Cc:	firewalls @ GreatCircle . COM
In-reply-to:	<199509121522 . LAA06616 @ yakko . ability . net> from "Don Krapf" at Sep 12, 95 11:22:25 am

> > we have one question:
> > Our firm now wants to connect to the internet, but we will get only
> > one official IP-address. First, we believed this would be no problem
> > because we'll use the 10.0.0.0 net as our internal network and we
> > will be able to manage the connections over proxies.
> 
> Why not buy access for a full network instead of a single address?  You're
> not trying to hide a network behind a single address to avoid paying your
> ISP for routing to your network, are you?

What's your point, Inquisitor? It's perfectly fine to "hide" several thousand 
machines behind one IP (or a couple in case you scale firewalls dynamically as 
we do). I do this here (see sig) for our client all the time.
And when our client asked their provider for connectivity, they knew what they 
were getting. I mean, afterall this is not about IPs, this is about bandwidth. 
And everybody will wake up if you ask for a T3 with only one registered address.
I mean, you're not going to connect a zillion users of a 28k8 dialup line.... 
get real and chill, and get a life since you won't stay long in biz with that
attitude.

Besides, it's pretty unbelievable if someone charges for routing my IPs, unless
I expect them to do something very extravagant with it (like dynamic routing for
multiple ports of entry for redundancy and providing network management via a
NOC).  
I'm buying *connectivity*, and routing is a neccessity for it. It's like 
buying a new car and tires are considered a preferred customer option. 

Last point, it's simply not my provider's business to know how many IPs I'm 
using internally nor anything else. All you need is rock solid connectivity to 
the firewall. That's what one pays for. And telling a provider (as any other
external company) about my network/system config usually violates security 
policies anyways.

Maybe one should issue a public warning not to do business with disability.net.

Dizzy from shaking my head,
Chris

--___  ____ __
 | _ \/ __/|  \   Christian Kuhtz <chk @
 psa .
 pencom .
 com>	       +1 914-684-4467
 |  _/\__ \| \ \  Pencom System Administration Services	  fax: +1 914-684-3791
 |_|  /___/|_|__\ on-location at Advantis/IBM Global Network, White Plains, NY

References:

Re: firewall with only one IP address ???
From: Don Krapf <dkrapf @ ability . net>

Indexed By Date	Previous:	Re: firewall with only one IP address ??? From: Alan Hannan <alan @ mid . net>
Indexed By Date	Next:	Re: Secure version of Sendmail From: chk @ psa . pencom . com (Christian Kuhtz)
Indexed By Thread	Previous:	Re: firewall with only one IP address ??? From: Alan Hannan <alan @ mid . net>
Indexed By Thread	Next:	Re: firewall with only one IP address ??? From: lpierce @ intex . net (S. Lane Pierce)