Two VLANs, One Subnet
Andy Bradford
amb-plug at bradfords.org
Sat Mar 10 17:21:35 MST 2007
Thus said Michael Torrie on Sat, 10 Mar 2007 11:28:00 MST:
> All of this can be achieved, as Hans has shown, without NAT. But in my
> opinion, it's simpler, less error prone, and easier to secure with
> NAT.
Hogwash. There is nothing inherently more secure, easier to secure or
simpler about NAT (or PAT if you will) than using real IPs with a real
firewall. Sure there are differences, but that doesn't mean that NAT is
king in this area. I would much rather prefer a firewall with a deny all
policy using real IPs than worry about NAT. Both methods block anything
not explicitly allowed, but using real IPs offers a lot more flexibility
in my opinion.
Andy
--
[-----------[system uptime]--------------------------------------------]
5:21pm up 4:14, 1 user, load average: 1.21, 1.11, 1.10