Firewall Wizards: RE: the infamous "static" versus "nat"

RE: the infamous "static" versus "nat"

From: Bruce Smith <bruce_the_loon_at_worldonline.co.za>
Date: Sun, 9 Apr 2006 15:25:15 +0200

Hi

The single biggest difference I've found between using static and nat
is that nat allocates the translation from the bottom of the subnet up,
while a static across a subnet maps directly.

NAT - 10.1.1.0 -> 10.1.1.0 (in order of access)
10.1.1.1 -> 10.1.1.1
10.1.1.23 -> 10.1.1.2
10.1.1.109 -> 10.1.1.3
10.1.1.2 -> 10.1.1.4

Static 10.1.1.0 -> 10.1.1.0 (in order of access)
10.1.1.1 -> 10.1.1.1
10.1.1.23 -> 10.1.1.23
10.1.1.109 -> 10.1.1.109
10.1.1.2 -> 10.1.1.2

Beyond that, we tend to use statics from outside to dmz/inside and where we
need a direct IP to IP for DNS/WINS based back-connects. Otherwise we use
NAT as it is easier to maintain.

Regards,

Bruce Smith

-----Original Message-----
From: firewall-wizards-admin_at_honor.icsalabs.com
[mailto:firewall-wizards-admin_at_honor.icsalabs.com] On Behalf Of Vahid
Pazirandeh
Sent: Wednesday, April 05, 2006 8:02 PM
To: firewall-wizards_at_honor.icsalabs.com
Subject: [fw-wiz] the infamous "static" versus "nat"

Hi All. Great mail list btw, thanks to everyone's input.

Two basic questions.

1. I've heard the convention of using "static" for low-to-high NATing and
"nat/global" for high-to-low. Why?

2. Would someone explain the underlying differences in these two commands?
Do they achieve the same thing? Assume net1 = 10.1.1.0/24, net2 =
10.2.2.0/24.

A. static (net1, net2) 10.1.1.0 10.1.1.0 netmask 255.255.255.0
B. static (net2, net1) 10.2.2.0 10.2.2.0 netmask 255.255.255.0

Cheers!

=============================================
 "Make it better before you make it faster."
=============================================

_______________________________________________
firewall-wizards mailing list
firewall-wizards_at_honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Received on Apr 09 2006
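
The allocation behaviour described in this thread, as an added example that is not part of the original messages: a small Python model of a dynamic pool beside a net-to-net static, run over the access order from the reply's table. The names `DynamicNat`, `static_net` and `compare` are hypothetical, and the lowest-free-address pool allocation follows the reply's description rather than any vendor's implementation.

```python
import ipaddress


class DynamicNat:
    """Pool NAT as the post describes it (a model, not vendor code): each new
    inside host receives the lowest unused pool address, in order of access."""

    def __init__(self, pool_net):
        self._free = iter(ipaddress.ip_network(pool_net).hosts())
        self.xlate = {}  # inside address -> mapped address

    def translate(self, inside_ip):
        ip = ipaddress.ip_address(inside_ip)
        if ip not in self.xlate:
            try:
                self.xlate[ip] = next(self._free)
            except StopIteration:
                raise RuntimeError("NAT pool exhausted") from None
        return str(self.xlate[ip])


def static_net(inside_ip, real_net, mapped_net):
    """Net-to-net static: the host offset within the subnet is preserved."""
    real = ipaddress.ip_network(real_net)
    mapped = ipaddress.ip_network(mapped_net)
    ip = ipaddress.ip_address(inside_ip)
    if real.prefixlen != mapped.prefixlen:
        raise ValueError("real and mapped networks must be the same size")
    if ip not in real:
        raise ValueError(f"{ip} is outside {real}")
    return str(mapped.network_address + (int(ip) - int(real.network_address)))


def compare(access_order, net="10.1.1.0/24"):
    """Return (inside, dynamic, static) rows for hosts in order of first access."""
    dyn = DynamicNat(net)
    return [(h, dyn.translate(h), static_net(h, net, net)) for h in access_order]


# Access order taken from the post's table.
ACCESS_ORDER = ["10.1.1.1", "10.1.1.23", "10.1.1.109", "10.1.1.2"]

if __name__ == "__main__":
    for label, order in (("post order", ACCESS_ORDER),
                         ("reversed", ACCESS_ORDER[::-1])):
        print(label)
        for inside, dynamic, static in compare(order):
            print(f"  {inside:<11} nat -> {dynamic:<9} static -> {static}")
```

Running it with the access order reversed shows the dynamic mapping for a given host changing while the static mapping stays fixed, which is why a rule or DNS/WINS record that must reach a specific host needs the static.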
