Firewall Wizards mailing list archives

Re: the infamous "static" versus "nat"
From: sebastan_bach <sebastan_bach () yahoo com>
Date: Tue, 2 May 2006 03:03:40 -0700 (PDT)


Hi Vahid. The difference between NAT and static is very simple. When we
configure NAT with the interface IP address of the outside of the PIX, it's
called PAT. Similarly, when we set a pool of public addresses for the inside
users to access the internet, it's called dynamic inside NAT, where the users
will take any available IP address from the pool.

Now imagine you have a web server that you want people on the internet to
have access to. When you have a web server it will naturally have a name, so
your ISP does a DNS entry with the IP address of the web server to its name,
so that when anyone on the internet queries for your web server using its
name, the ISP will send the packet to the web server IP address in the DNS
entry. Now for this it's mandatory for us to define a static public IP to the
web server. It won't work if it's dynamic because it might conflict with the
DNS entry in the ISP. There are 2 solutions for it.

Either you specify a public IP statically to the web server, but it is a bad
idea because the other servers in the same segment will naturally have IP
addresses of the same range, so it will be easier for the hacker to scan the
other servers in your segment.

So the best solution is statically natting the web server to a public IP
which is not used in any other NAT statements. When we do this, we are
specifying that every time a packet is leaving from the web server IP
address, say 10.1.1.1, a private IP, it should always be natted to, say,
1.1.1.1, a public IP given by the webserver. The ISP will map in the DNS
entry that, say, www.cisco.com is 1.1.1.1.

This is the difference between dynamic NAT and static NAT.

There are many more flavours of NAT, like:

dynamic outside nat 
static outside nat 
static port address translation 
nat 0 
bidirectional nat 
policy nat 
policy nat 0 
policy static 

Hope this helps.

Regards,

sebastan
--
View this message in context: http://www.nabble.com/the-infamous-%22static%22-versus-%22nat%22-t1411887.html#a4172329
Sent from the Firewall Wizards forum at Nabble.com.

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
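
The dynamic-pool versus static behaviour described in the message above, as a small Python model added here (not part of the original post and not PIX code). The class, method names and pool addresses 1.1.1.10-12 are constructed for illustration; 10.1.1.1 and 1.1.1.1 are the addresses used in the message, and access-list filtering is not modelled.

```python
class NatTable:
    """Toy translation table: permanent static entries plus a dynamic pool."""

    def __init__(self, pool, statics=None):
        self.static = dict(statics or {})   # local -> global, never expires
        self.dynamic = {}                   # local -> global, built by outbound traffic
        self.free = list(pool)              # unused pool addresses, reused FIFO
        clash = set(self.static.values()) & set(self.free)
        if clash:  # the static address must not appear in any other NAT statement
            raise ValueError(f"static address also in pool: {sorted(clash)}")

    def outbound(self, local):
        """Global source address used when `local` sends a packet out."""
        if local in self.static:
            return self.static[local]
        if local not in self.dynamic:
            if not self.free:
                raise RuntimeError("dynamic pool exhausted")
            self.dynamic[local] = self.free.pop(0)
        return self.dynamic[local]

    def expire(self, local):
        """Idle timeout: drop the dynamic entry, return its address to the pool."""
        if local in self.dynamic:
            self.free.append(self.dynamic.pop(local))

    def inbound(self, global_ip):
        """Inside host reached by a new connection to `global_ip`, or None."""
        for table in (self.static, self.dynamic):
            for local, mapped in table.items():
                if mapped == global_ip:
                    return local
        return None

POOL = ["1.1.1.10", "1.1.1.11", "1.1.1.12"]   # constructed pool addresses
WEB, DNS_IP = "10.1.1.1", "1.1.1.1"           # addresses used in the message

def dynamic_case():
    nat = NatTable(POOL)
    first = nat.outbound(WEB)      # whatever the pool hands out
    nat.expire(WEB)                # server goes idle, entry times out
    second = nat.outbound(WEB)     # new entry, different address
    return first, second, nat.inbound(first)   # old address no longer maps

def static_case():
    nat = NatTable(POOL, statics={WEB: DNS_IP})
    return nat.outbound(WEB), nat.inbound(DNS_IP)   # fixed in both directions
```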

