[6bone] Re: Internal Address Space

Stephen Degler sdegler@degler.net
Tue, 21 May 2002 09:40:27 -0400


Hi,

Given the immediate future will continue to be Windows Impaired as well,
it's completely possible (and unfortunately, necessary) to establish a
"soft chewy center" model with routable addresses on the inside.
Stateful firewalls are your friend.

skd

On Tue, May 21, 2002 at 05:00:16AM -0700, Chuck Yerkes wrote:
> Quoting David F. Newman (dnewman@maraudingpirates.org):
> > Hi there,
> > In the old IPv4 days sites would use private address space inside a firewall 
> > for either address conservation or just plain old security through obscurity.
> In the old days, we'd use our real IPv4 addresses and that would
> route across the Internet.  We eventually put up firewalls, and
> screening routers (or screend).  As we ran out of IPv4 (they will
> all be gone by 1998 or so :), rfc1918 came along a bit after the
> concept of NAT - network address translation.
> 
> Many lesser admins believe NAT to be actual firewalling (it's
> neat the probes that still work with an established bit set).
> 
> > Now that a site can get a /48 to do with as they please is it necessary to use 
> > private IP space anymore?  I am wondering if people out there use public 
> > routable IPs on both sides of their firewall.  I figure if a node is behind a 
> > firewall it is ok to have a valid IP, but I could be wrong.
> 
> Now that I have 65k Internets of address that will route (nobody
> will route my class C anymore), I use actual addresses on the
> machines that will take them.   I run firewalling software on my
> gateways somewhat.  I also make sure that the machines on my network
> are hardened.  There is no "soft chewy center" if you get past the
> firewall.
> _______________________________________________
> 6bone mailing list
> 6bone@mailman.isi.edu
> http://mailman.isi.edu/mailman/listinfo/6bone