> -----Original Message-----
> From: DaZZa [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, 19 April 2001 12:20 PM
> To: Visser, Martin (SNO)
> Cc: [EMAIL PROTECTED]
> Subject: RE: [SLUG] Re: ISP requests IP block back
>
>
> You can do it with one address - to point your domain to - and some
> intelligent inbound proxy setup to redirect requests for a given
> port/protocol to a private IP range.
>
> > You can't NAT everything. (Sure you can have the ISP host
> for you, but this
> > isn't always a scalable solution)
>
> Who says?
>
> I did it once upon a time - 1500 person company, spread over 6 capital
> cities in Australia and twice as many office locations -
> while we had a
> complete class C address range available, we used _one_ address -
> everything else was done via NAT either inbound or outbound -
> including
> mail, web traffic, and other services.
>
> Worked quite well, considering. And it certainly narrowed down the
> potential for inbound hacks to ports WE defined as permitted, not just
> open slather.
>
> DaZZa
Agreed, you certainly can do it all to one address, but it forces you
basically to have a single NAT box for everything which may or may not be a
good scalable solution. ( Assuming that they applied for the /28's I'm
guessing that the site was sufficient size to warrant it). Though I guess
some of the new web switches (ala Alteon and Arrowpoint) now might allow you
to use a single address, switch incoming requests to relevant servers and
have some redundancy as well. I still think it is nice to have a few
addresses up your sleeve to put new servers into place without relying on
NAT all the time.
Anyway, I guess all I was saying is that you must have some registered space
to have your own portal to the 'net.
Martin Visser
Network Consultant - Compaq Global Services
Compaq Computer Australia
410 Concord Road
Rhodes, Sydney NSW 2138
Australia
Phone: +61-2-9022-5630
Mobile: +61-411-254-513
Fax:+61-2-9022-7001
Email:[EMAIL PROTECTED]
--
SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/
More Info: http://slug.org.au/lists/listinfo/slug
