Solved

Disabling NAT on router

Posted on 2004-10-03
Last Modified: 2013-11-29
Hello
I was looking at my router config earlier and came across something I don't really understand about NAT.
Say I was to disable NAT on the router, would each of the PCs on my network get a 'real world' IP address from my ISP?

This is what it said in the manual:
"The PCs on your LAN must have real, registered IP addresses, not private, nonroutable IP addresses such as 192.168.0.x."

What does it mean that they must have a real registered IP address?

If someone could explain what happens when you disable NAT, I would appreciate it.

Thanks
Kane
Question by:Kane2002
LVL 10

Expert Comment

by:plemieux72
ID: 12211508
It is not recommended to assign real routable public IP addresses due to security.  Companies usually use private addresses stated in RFC 1918.  So, the only public IP (or pool of IPs) you should have is the outside one(s) on the router facing the Internet.  This prevents Internet hosts from reaching your inside network but does not prevent inside hosts from connecting to Internet hosts (that's what NAT/PAT is for).  NAT and PAT are a big subject; even if you are not running Cisco, the following link explains it much better than anyone could in this forum: http://www.cisco.com/pcgi-bin/Support/browse/psp_view.pl?p=Technologies:NAT

Now, if you need to put a web server or something else on the Internet, you still can use private IP addresses (this is the recommended way) and map a public to a private IP on your router and let the router handle the connections.  This way, the outside world does not know what internal IP you have for that server.

If you still decide you need to assign public IPs to your internal hosts, make sure you have a firewall.  Hosts directly reachable from the Internet are vulnerable to worms and many other threats.
0
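The behaviour described in the answer above, as an added example that is not part of the original thread: a small Python model of a PAT table showing why inside hosts can connect out, why unsolicited inbound packets are dropped, and how a public-to-private mapping publishes a server. The class, function names and all addresses are constructed for illustration, and the strict per-remote-endpoint filtering is an assumption; real routers vary.

```python
# Minimal model of a PAT (port address translation) table; not router code.
# All addresses are constructed: 203.0.113.0/24 and 198.51.100.0/24 are
# documentation ranges, 192.168.0.x is the private LAN from the question.
from itertools import count

class PatRouter:
    def __init__(self, public_ip):
        self.public_ip = public_ip
        self.dynamic = {}   # public port -> (inside ip, inside port, remote endpoint)
        self.static = {}    # public port -> (inside ip, inside port)
        self._ports = count(40000)

    def add_static(self, public_port, inside_ip, inside_port):
        """Publish an inside server: the public-to-private mapping from the answer."""
        self.static[public_port] = (inside_ip, inside_port)

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        """Inside host opens a connection; return the source the Internet sees."""
        public_port = next(self._ports)
        self.dynamic[public_port] = (src_ip, src_port, (dst_ip, dst_port))
        return (self.public_ip, public_port)

    def inbound(self, src_ip, src_port, dst_port):
        """Packet arrives on the public IP; return inside endpoint or None (dropped)."""
        if dst_port in self.static:
            return self.static[dst_port]
        entry = self.dynamic.get(dst_port)
        # Assumption: only the remote endpoint the inside host contacted may reply.
        if entry and entry[2] == (src_ip, src_port):
            return entry[:2]
        return None

def demo():
    r = PatRouter("203.0.113.10")
    r.add_static(80, "192.168.0.20", 8080)
    seen_as = r.outbound("192.168.0.5", 51000, "198.51.100.7", 443)
    return {
        "seen_as": seen_as,
        "reply": r.inbound("198.51.100.7", 443, seen_as[1]),
        "unsolicited": r.inbound("198.51.100.99", 4444, seen_as[1]),
        "closed_port": r.inbound("198.51.100.99", 4444, 3389),
        "web_server": r.inbound("198.51.100.99", 50123, 80),
    }

if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name:12} -> {result}")
```

With NAT disabled there is no such table: every LAN host needs its own routable address, and inbound filtering has to come from a firewall instead.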
 
LVL 2

Accepted Solution

by:
dramatix01 earned 250 total points
ID: 12211633
Real registered IP addresses are blocks of addresses that have been purchased by companies, individuals, or government entities and regulated by the Internet Assigned Numbers Authority (IANA).  There are private, non-routable address blocks that cannot be registered such as 10.x.x.x (Class A), 127.x.x.x (Loopback), 169.254.x.x (DHCP auto configuration), 172.16.x.x (Class B), and 192.168.x.x (Class C).

Use this document as a reference to private IP addresses: http://www.more.net/technical/netserv/tcpip/private.html
Check this website for info about IANA: http://www.iana.org/
Look here for registered address ranges: http://arin.net/

I would not recommend disabling NAT for several reasons:

1. No security - NAT very effectively hides the LAN side of your network.  An attacker can only see one address on the public side so they have no idea if you have only one machine or 10,000 machines on the LAN side.  They also can't see your private IP addressing scheme so spoofing will be more difficult.  Bottom line - the average "script kiddie" will just move on because you require too much work to hack.

2. Unless you are actually paying an ISP to use a range of registered IP addresses that they own or you own them yourself, you'd be "stealing" someone's property.

3. You could possibly run the risk of using duplicate IP addresses on the internet which would throw all kinds of things into disarray.

I hope this helps.  If you have any other questions let us know.

Regards,
Dave L.
0
 

Author Comment

by:Kane2002
ID: 12211650
Hey,
thanks for the reply.

I'm not wanting to assign public IPs... it was just something that I wanted to know how it worked.

So let me get this right...

If I disabled NAT (not that I'm going to), for the computers inside the network to access the Internet, they would each have to be assigned a public IP?

Kane
0
 
LVL 10

Expert Comment

by:plemieux72
ID: 12211697
Yes, you got that right.
0
 
LVL 2

Expert Comment

by:dramatix01
ID: 12211768
That is very correct, yes.
0
