Solved

Disabling NAT on router

Posted on 2004-10-03
Last Modified: 2013-11-29
Hello,
I was looking at my router config earlier and came across something I don't really understand about NAT.
Say I was to disable NAT on the router, would each of the PCs on my network get a 'real world' IP address from my ISP?

This is what it said in the manual:
"The PCs on your LAN must have real, registered IP addresses, not private, nonroutable IP addresses such as 192.168.0.x."

What does it mean that they must have a real registered IP address?

If someone could explain what happens when you disable NAT, I would appreciate it.

Thanks
Kane
Question by:Kane2002
5 Comments
 
LVL 10

Expert Comment

by:plemieux72
ID: 12211508
It is not recommended to assign real routable public IP addresses due to security.  Companies usually use private addresses stated in RFC 1918.  So, the only public IP (or pool of IPs) you should have is the outside one(s) on the router facing the Internet.  This prevents Internet hosts from reaching your inside network but does not prevent inside hosts from connecting to Internet hosts (that's what NAT/PAT is for).  NAT and PAT are a big subject; even if you are not running Cisco, the following link explains it much better than anyone could in this forum: http://www.cisco.com/pcgi-bin/Support/browse/psp_view.pl?p=Technologies:NAT

Now, if you need to put a web server or something else on the Internet, you still can use private IP addresses (this is the recommended way) and map a public to a private IP on your router and let the router handle the connections.  This way, the outside world does not know what internal IP you have for that server.

If you still decide you need to assign public IPs to your internal hosts, make sure you have a firewall.  Hosts directly reachable from the Internet are vulnerable to worms and many other threats.
0
 
LVL 2

Accepted Solution

by:
dramatix01 earned 250 total points
ID: 12211633
Real registered IP addresses are blocks of addresses that have been purchased by companies, individuals, or government entities and regulated by the Internet Assigned Numbers Authority (IANA).  There are private, non-routable address blocks that cannot be registered such as 10.x.x.x (Class A), 127.x.x.x (loopback), 169.254.x.x (DHCP auto configuration), 172.16.x.x (Class B), and 192.168.x.x (Class C).

Use this document as a reference to private IP addresses: http://www.more.net/technical/netserv/tcpip/private.html
Check this website for info about IANA: http://www.iana.org/
Look here for registered address ranges: http://arin.net/

I would not recommend disabling NAT for several reasons:

1. No security - NAT very effectively hides the LAN side of your network.  An attacker can only see one address on the public side so they have no idea if you have only one machine or 10,000 machines on the LAN side.  They also can't see your private IP addressing scheme so spoofing will be more difficult.  Bottom line - the average "script kiddie" will just move on because you require too much work to hack.

2. Unless you are actually paying an ISP to use a range of registered IP addresses that they own or you own them yourself, you'd be "stealing" someone's property.

3. You could possibly run the risk of using duplicate IP addresses on the internet which would throw all kinds of things into disarray.

I hope this helps.  If you have any other questions let us know.

Regards,
Dave L.
0
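The behaviour both answers above describe (inside hosts can reach out, unsolicited inbound traffic has nowhere to go, a published server is reached through a mapping, and the outside sees a single address) can be modelled in a few lines. This is an added example, not code from either poster; the `PatRouter` class, its port numbers and the 203.0.113.10 address are constructed for illustration, and it is simplified (a real router also tracks the remote endpoint and expires entries).

```python
import ipaddress

# RFC 1918 private blocks: not routable on the Internet, so they need NAT/PAT.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_rfc1918(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)

class PatRouter:
    """Toy model of a router doing PAT: many private hosts, one public IP."""

    def __init__(self, public_ip, first_port=40000):
        self.public_ip = public_ip
        self.next_port = first_port
        self.out_map = {}   # (priv_ip, priv_port, proto) -> public port
        self.in_map = {}    # (public port, proto) -> (priv_ip, priv_port)

    def forward_port(self, public_port, priv_ip, priv_port, proto="tcp"):
        """Static mapping: publish one inside service (e.g. a web server)."""
        self.in_map[(public_port, proto)] = (priv_ip, priv_port)

    def outbound(self, src_ip, src_port, proto="tcp"):
        """LAN host opens a connection: rewrite the source to the public IP."""
        if not is_rfc1918(src_ip):
            return (src_ip, src_port)   # registered address: routed untranslated
        key = (src_ip, src_port, proto)
        if key not in self.out_map:
            self.out_map[key] = self.next_port
            self.in_map[(self.next_port, proto)] = (src_ip, src_port)
            self.next_port += 1
        return (self.public_ip, self.out_map[key])

    def inbound(self, dst_port, proto="tcp"):
        """Packet arrives on the public IP: deliver only if a mapping exists."""
        return self.in_map.get((dst_port, proto))   # None means dropped

def demo():
    r = PatRouter("203.0.113.10")              # constructed documentation address
    a = r.outbound("192.168.0.2", 51000)       # two LAN hosts, same source port
    b = r.outbound("192.168.0.3", 51000)
    r.forward_port(80, "192.168.0.50", 8080)   # published inside web server
    return {"a": a, "b": b, "reply_a": r.inbound(a[1]),
            "unsolicited": r.inbound(3389), "web": r.inbound(80)}
```

Both LAN hosts leave with the same public address and different ports, the reply finds its way back through the table, and a connection to a port with no mapping returns `None`. That is the inbound default a firewall has to supply when hosts carry registered addresses and no translation happens.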
 

Author Comment

by:Kane2002
ID: 12211650
Hey,
thanks for the reply.

I'm not wanting to assign public IPs... it was just something that I wanted to know how it worked.

So let me get this right...

If I disabled NAT (not that I'm going to), for the computers inside the network to access the internet, they would each have to be assigned a public IP?

Kane
0
 
LVL 10

Expert Comment

by:plemieux72
ID: 12211697
Yes, you got that right.
0
 
LVL 2

Expert Comment

by:dramatix01
ID: 12211768
That is very correct, yes.
0
