On Tue, Feb 27, 2001 at 04:35:18PM -0500, Kit Halsted wrote:
>I'm installing a firewall at my main client's site, but one of
>the other consultants is doing most of the work on it. I want to
>NAT it in such a way that each external address corresponds to
>an internal address. He wants to NAT it in such a way that only
>a few specific hosts are mapped like that, & the other 60
>machines are all NATted off of a single IP. I think he's wrong,
>he thinks I'm wrong, can any of you toss us some opinions? Rules
>in IPFilter, of course, are default deny.
If you want to NAT all adress why NAT at all? I would consider
putting up a brdiging firewall, many computers work so much nicer
when they have a real IP. Especially servers.
|