On 22 Feb 00, at 15:38, Brad Lunsford wrote:
> I'm setting up a Firewall/Proxy combination for a company that is
> using unregistered addresses on their network. My idea was to use
> a router to perform NAT before the proxy server. That way, the
> proxy would sit on a subnet that contained a private address
> range. Does anyone have any opinions on this type of setup?

To date, the line I've held to is that the use of unregistered
addresses constitutes a policy decision that the company net *will
not* be joined to any other internetwork; if that policy is being
overturned, then its expression in the network addressing scheme is
obsolete and must be fixed.

At best, it's a decision that no internal machine will ever need to
exchange data with a host on the network to whom the address range is
registered. I believe that's a business decision that most IT
departments don't have the authority to make, and cannot defend for
long.

David G