[Discuss] NAT with real routable IP addresses?
David Bronaugh
dbronaugh at linuxboxen.org
Mon Jun 18 15:54:41 PDT 2007
Johnny Stork wrote:
> I was hoping for a more informative and realistic reply. This is what
> the client uses so I need to work with their existing equipment. Sure
> I will be providing recommendations for cheaper, more secure and
> powerful iptables/Linux based solutions, but for now I need to resolve
> this particular issue. Also, a bit more explanation would be nice? Is
> your suggestion (don't use ISA) based on the knowledge/experience that
> there is a functional limitation in ISA which would prohibit this?

I can't speak to what MS ISA server will and will not do.

I believe the usual way to do this is not to use NAT at all, but instead
to use standard routing with a firewall with a non-routable IP in the
middle as a "border guard" if you will, disallowing undesirable traffic
inside the walls.

IIRC this doesn't require 2 publicly routable IPs -- simply a few
static routes to work around the fact that the private IP in the middle
is there.

David