On Monday 03 August 2009 00:36, Les Mikesell wrote:
> Drew wrote:
> >> It's a bit of bad form to use NAT and private addresses at all because
> >> the internet really wasn't designed to be segmented, but everyone does
> >> it.
> >
> > Why is NAT bad form?
>
> I don't mean to imply it shouldn't be used - it is pretty much a necessary
> evil now, but it doesn't fit the original IP design very well.
>
> > From my standpoint as an admin, private IPs & NAT are another tool to
> > help secure my network. You can't attack what you can't see and even a
> > misconfigured router or firewall won't expose my network to prying
> > eyes.
>
> There are small problems like often needing split DNS, not being able to
> offer public services easily, not being able to track the source addresses
> meaningfully in logs, etc., but the real killer comes when your large

Say what? How do you figure this? Unless you are not NAT'ing correctly. When NAT'ing, only the destination address is changed and on the outbound only the source address is changed. So if you are logging you should still see the IP addresses.

> organization merges with another using the same private address range and
> you need to connect the networks.

This can be worked around and has on many occasions at the office. The bigger problem is when you are just partnering with another company using the same range.

--
Regards
Robert

Linux User #296285
http://counter.li.org