Solved

Disabling NAT on router

Posted on 2004-10-03
Last Modified: 2013-11-29
Hello,
I was looking at my router config earlier and came across something I don't really understand about NAT.
Say I was to disable NAT on the router, would each of the PCs on my network get a 'real world' IP address from my ISP?

This is what it said in the manual:
"The PCs on your LAN must have real, registered IP addresses, not private, nonroutable IP addresses such as 192.168.0.x."

What does it mean that they must have a real registered IP address?

If someone could explain what happens when you disable NAT, I would appreciate it.

Thanks
Kane
Question by:Kane2002
LVL 10

Expert Comment

by:plemieux72
ID: 12211508
It is not recommended to assign real routable public IP addresses due to security. Companies usually use private addresses stated in RFC 1918. So, the only public IP (or pool of IPs) you should have is the outside one(s) on the router facing the Internet. This prevents Internet hosts from reaching your inside network but does not prevent inside hosts from connecting to Internet hosts (that's what NAT/PAT is for). NAT and PAT are a big subject; even if you are not running Cisco, the following link explains it much better than anyone could in this forum: http://www.cisco.com/pcgi-bin/Support/browse/psp_view.pl?p=Technologies:NAT

Now, if you need to put a web server or something else on the Internet, you can still use private IP addresses (this is the recommended way) and map a public to a private IP on your router and let the router handle the connections. This way, the outside world does not know what internal IP you have for that server.

If you still decide you need to assign public IPs to your internal hosts, make sure you have a firewall. Hosts directly reachable from the Internet are vulnerable to worms and many other threats.
 
LVL 2

Accepted Solution

by: dramatix01 earned 250 total points
ID: 12211633
Real registered IP addresses are blocks of addresses that have been purchased by companies, individuals, or government entities and regulated by the Internet Assigned Numbers Authority (IANA). There are private, non-routable address blocks that cannot be registered such as 10.x.x.x (Class A), 127.x.x.x (loopback), 169.254.x.x (DHCP auto configuration), 172.16.x.x (Class B), and 192.168.x.x (Class C).

Use this document as a reference to private IP addresses: http://www.more.net/technical/netserv/tcpip/private.html
Check this website for info about IANA: http://www.iana.org/
Look here for registered address ranges: http://arin.net/

I would not recommend disabling NAT for several reasons:

1. No security - NAT very effectively hides the LAN side of your network.  An attacker can only see one address on the public side so they have no idea if you have only one machine or 10,000 machines on the LAN side.  They also can't see your private IP addressing scheme so spoofing will be more difficult.  Bottom line - the average "script kiddie" will just move on because you require too much work to hack.

2. Unless you are actually paying an ISP to use a range of registered IP addresses that they own or you own them yourself, you'd be "stealing" someone's property.

3. You could possibly run the risk of using duplicate IP addresses on the internet which would throw all kinds of things into disarray.

I hope this helps.  If you have any other questions let us know.

Regards,
Dave L.
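
The behaviour described in the two answers above (PAT lets inside hosts connect out while unsolicited inbound traffic finds no mapping, a static public-to-private mapping publishes a server, and with NAT disabled only registered addresses work and are directly reachable), modelled as an added example that is not part of any poster's reply. `EdgeRouter`, its methods and the documentation-range sample addresses are hypothetical and constructed for illustration.

```python
import ipaddress

# RFC 1918 private blocks: ISPs do not route these on the public Internet.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_rfc1918(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)

class EdgeRouter:
    """Toy model of a router's WAN edge (hypothetical, not a real device API)."""
    def __init__(self, wan_ip, nat_enabled=True):
        self.wan_ip = wan_ip
        self.nat_enabled = nat_enabled
        self.table = {}          # WAN port -> (LAN ip, LAN port)
        self.next_port = 40000   # constructed starting port for dynamic mappings

    def port_forward(self, wan_port, lan_ip, lan_port):
        """Static public-to-private mapping, e.g. for an internal web server."""
        self.table[wan_port] = (lan_ip, lan_port)

    def outbound(self, src_ip, src_port):
        """Return the (ip, port) Internet hosts see, or None if replies cannot route back."""
        if not self.nat_enabled:
            # NAT off: the source address leaves unchanged, so it must be registered.
            return None if is_rfc1918(src_ip) else (src_ip, src_port)
        for wan_port, inside in self.table.items():
            if inside == (src_ip, src_port):
                return (self.wan_ip, wan_port)   # reuse the existing mapping
        wan_port, self.next_port = self.next_port, self.next_port + 1
        self.table[wan_port] = (src_ip, src_port)
        return (self.wan_ip, wan_port)

    def inbound(self, dst_ip, dst_port):
        """Return the LAN (ip, port) that receives the packet, or None if dropped."""
        if not self.nat_enabled:
            # NAT off: a registered LAN address is reached directly (firewall needed).
            return None if is_rfc1918(dst_ip) else (dst_ip, dst_port)
        if dst_ip != self.wan_ip:
            return None
        # Simplification: match on WAN port only; real NAT also tracks the remote peer.
        return self.table.get(dst_port)

if __name__ == "__main__":
    nat = EdgeRouter("203.0.113.10")             # documentation-range sample addresses
    print(nat.outbound("192.168.0.20", 51000))   # translated to the WAN address
    print(nat.inbound("203.0.113.10", 3389))     # unsolicited: no mapping, dropped
    off = EdgeRouter("203.0.113.10", nat_enabled=False)
    print(off.outbound("192.168.0.20", 51000))   # private source, unroutable
    print(off.inbound("198.51.100.5", 3389))     # registered host, exposed directly
```

The model separates the two effects the thread discusses: address translation (one WAN address for many LAN hosts) and the side effect that inbound packets without a mapping have nowhere to go.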
 

Author Comment

by:Kane2002
ID: 12211650
Hey,
thanks for the reply.

I'm not wanting to assign public IPs ... it was just something that I wanted to know how it worked.

So let me get this right...

If I disabled NAT (not that I'm going to), for the computers inside the network to access the Internet, they would each have to be assigned a public IP?

Kane
 
LVL 10

Expert Comment

by:plemieux72
ID: 12211697
Yes, you got that right.
 
LVL 2

Expert Comment

by:dramatix01
ID: 12211768
That is very correct, yes.