Dave Gillett wrote:
>
> On 22 Feb 00, at 15:38, Brad Lunsford wrote:
>
> > I'm setting up a Firewall/Proxy combination for a company that is
> > using unregistered addresses on their network. My idea was to use
> > a router to perform NAT before the proxy server. That way, the
> > proxy would sit on a subnet that contained a private address
> > range. Does anyone have any opinions on this type of setup?
It's what I use, and it appears to work well. I figure it makes it just
that little bit harder for external nasties to attack my proxy server
too :-)
>
> To date, the line I've held to is that the use of unregistered
> addresses constitutes a policy decision that the company net *will
> not* be joined to any other internetwork; if that policy is being
> overturned, then its expression in the network addressing scheme is
> obsolete and must be fixed.
Eh? Why? IP4 addresses are expensive. Most people don't need em, as
NAT/Masq works very well for most basic applications.
--
Tristan Ball
System Administrator - Adelaide
Vision Systems
PH (08) 83004771
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
