Two VLANs, One Subnet

Andy Bradford amb-plug at bradfords.org
Sat Mar 10 17:21:35 MST 2007


Thus said Michael Torrie on Sat, 10 Mar 2007 11:28:00 MST:

> All of this can be achieved, as Hans has shown, without NAT. But in my
> opinion, it's simpler, less error prone, and easier to secure with
> NAT.

Hogwash. There is nothing inherently more secure, easier to secure or
simpler about NAT (or PAT if you will) than using real IPs with a real
firewall. Sure there are differences, but that doesn't mean that NAT is
king in this area. I would much rather prefer a firewall with a deny all
policy using real IPs than worry about NAT. Both methods block anything
not explicitly allowed, but using real IPs offers a lot more flexibility
in my opinion.

Andy
-- 
[-----------[system uptime]--------------------------------------------]
  5:21pm  up  4:14,  1 user,  load average: 1.21, 1.11, 1.10




