[6bone] Re: Internal Address Space
Stephen Degler
sdegler@degler.net
Tue, 21 May 2002 09:40:27 -0400
Hi,
Given the immediate future will continue to be Windows Impaired as well,
it's completely possible (and unfortunately, necessary) to establish a
"soft chewy center" model with routable addresses on the inside.
Stateful firewalls are your friend.
skd
On Tue, May 21, 2002 at 05:00:16AM -0700, Chuck Yerkes wrote:
> Quoting David F. Newman (dnewman@maraudingpirates.org):
> > Hi there,
> > In the old IPv4 days sites would use private address space inside a firewall
> > for either address conservation or just plain old security through obscurity.
> In the old days, we'd use our real IPv4 addresses and that would
> route across the Internet. We eventually put up firewalls, and
> screening routers (or screend). As we ran out of IPv4 (they will
> all be gone by 1998 or so :), RFC 1918 came along a bit after the
> concept of NAT - network address translation.
>
> Many lesser admins believe NAT to be actual firewalling (it's
> neat the probes that still work with an established bit set).
>
> > Now that a site can get a /48 to do with as they please is it necessary to use
> > private IP space anymore? I am wondering if people out there use public
> > routable IPs on both sides of their firewall. I figure if a node is behind a
> > firewall it is ok to have a valid IP, but I could be wrong.
>
> Now that I have 65k Internets of address that will route (nobody
> will route my class C anymore), I use actual addresses on the
> machines that will take them. I run firewalling software on my
> gateways somewhat. I also make sure that the machines on my network
> are hardened. There is no "soft chewy center" if you get past the
> firewall.
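The thread contrasts filtering on the TCP "established" bit with stateful firewalling of routable inside addresses. The sketch below is an added example, not part of any message in the thread: it runs the same constructed segments through both kinds of filter. The class and function names and the 2001:db8::/32 documentation addresses are assumptions, and the stateful tracker is simplified (no teardown, timeouts or sequence checks).

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Segment:
    src: str
    sport: int
    dst: str
    dport: int
    flags: frozenset
    inbound: bool  # True when arriving from the Internet side

def stateless_established(seg):
    """Packet filter with no memory: inbound TCP passes if ACK or RST is set."""
    return (not seg.inbound) or bool(seg.flags & {"ACK", "RST"})

class StatefulFilter:
    """Passes inbound segments only for flows an inside host opened."""
    def __init__(self):
        self.flows = set()

    def allow(self, seg):
        if not seg.inbound:
            if seg.flags == {"SYN"}:
                # Remember the flow an inside host is opening.
                self.flows.add((seg.src, seg.sport, seg.dst, seg.dport))
            return True
        # Inbound: must be the reverse direction of a recorded flow.
        return (seg.dst, seg.dport, seg.src, seg.sport) in self.flows

# Constructed sample traffic (documentation prefix, hypothetical hosts).
INSIDE, OUTSIDE = "2001:db8:1::10", "2001:db8:ffff::1"
SAMPLE = [
    Segment(INSIDE, 40000, OUTSIDE, 443, frozenset({"SYN"}), False),       # inside opens
    Segment(OUTSIDE, 443, INSIDE, 40000, frozenset({"SYN", "ACK"}), True),  # real reply
    Segment(OUTSIDE, 55555, INSIDE, 445, frozenset({"ACK"}), True),         # unsolicited ACK
    Segment(OUTSIDE, 55555, INSIDE, 445, frozenset({"SYN"}), True),         # unsolicited SYN
]

def verdicts(allow, segments):
    """Return the pass/drop decision for each segment, in order."""
    return [allow(s) for s in segments]

if __name__ == "__main__":
    print("stateless:", verdicts(stateless_established, SAMPLE))
    print("stateful: ", verdicts(StatefulFilter().allow, SAMPLE))
```

The two filters disagree only on the third segment: the bit-matching rule passes an ACK that belongs to no connection, while the stateful filter drops it because no inside host opened that flow.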