  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 786

Disabling NAT on router

Hello,
I was looking at my router config earlier and came across something I don't really understand about NAT.
Say I was to disable NAT on the router, would each of the PCs on my network get a 'real world' IP address from my ISP?

This is what it said in the manual:
"The PCs on your LAN must have real, registered IP addresses, not private, nonroutable IP addresses such as 192.168.0.x."

What does it mean that they must have a real registered IP address?

If someone could explain what happens when you disable NAT, I would appreciate it.

Thanks
Kane
0
Kane2002
Asked:
1 Solution
 
plemieux72 Commented:
It is not recommended to assign real routable public IP addresses due to security.  Companies usually use private addresses stated in RFC 1918.  So, the only public IP (or pool of IPs) you should have is the outside one(s) on the router facing the Internet.  This prevents Internet hosts from reaching your inside network but does not prevent inside hosts from connecting to Internet hosts (that's what NAT/PAT is for).  NAT and PAT are a big subject; even if you are not running Cisco, the following link explains it much better than anyone could in this forum: http://www.cisco.com/pcgi-bin/Support/browse/psp_view.pl?p=Technologies:NAT

Now, if you need to put a web server or something else on the Internet, you still can use private IP addresses (this is the recommended way) and map a public to a private IP on your router and let the router handle the connections.  This way, the outside world does not know what internal IP you have for that server.

If you still decide you need to assign public IPs to your internal hosts, make sure you have a firewall.  Hosts directly reachable from the Internet are vulnerable to worms and many other threats.
0
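The behaviour described in the answer above (outbound connections create mappings, a static mapping publishes one server, everything else arriving from outside has nowhere to go), as an added example that is not part of the original thread. `PatRouter` and its methods are a hypothetical toy model, not any vendor's implementation, and all addresses are constructed samples.

```python
import ipaddress

# RFC 1918 private ranges, the kind of address the manual calls "nonroutable".
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_rfc1918(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in RFC1918)

class PatRouter:
    """Toy PAT router (hypothetical model, not any vendor's implementation)."""

    def __init__(self, public_ip, first_port=40000):
        self.public_ip = public_ip
        self.next_port = first_port
        self.dynamic = {}  # public port -> (inside ip, inside port), made by outbound traffic
        self.by_host = {}  # (inside ip, inside port) -> public port
        self.static = {}   # public port -> (inside ip, inside port), configured forwards

    def forward(self, public_port, inside_ip, inside_port):
        """Static mapping: publish one inside service on the public address."""
        self.static[public_port] = (inside_ip, inside_port)

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        """Inside host connects out: the source is rewritten to the public address."""
        if not is_rfc1918(src_ip):
            raise ValueError("inside host is expected to use an RFC 1918 address")
        key = (src_ip, src_port)
        if key not in self.by_host:
            self.by_host[key] = self.next_port
            self.dynamic[self.next_port] = key
            self.next_port += 1
        return (self.public_ip, self.by_host[key], dst_ip, dst_port)

    def inbound(self, dst_port):
        """Packet hits the public address: returns the inside target, or None if dropped."""
        return self.dynamic.get(dst_port) or self.static.get(dst_port)

def demo():
    # Constructed sample addresses: 203.0.113.5 and 198.51.100.7 are documentation ranges.
    r = PatRouter("203.0.113.5")
    r.forward(80, "192.168.0.10", 8080)                        # published web server
    pkt = r.outbound("192.168.0.20", 51000, "198.51.100.7", 443)
    return {
        "seen_by_internet": pkt[:2],       # only the router's address is visible
        "reply": r.inbound(pkt[1]),        # reply to the mapped port reaches the PC
        "web": r.inbound(80),              # static mapping reaches the server
        "unsolicited": r.inbound(3389),    # no mapping: nothing to deliver to
    }
```

The model leaves out what real routers add on top, such as matching the remote peer and expiring idle mappings, which is why a firewall is still advised in the answer.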
 
dramatix01 Commented:
Real registered IP addresses are blocks of addresses that have been purchased by companies, individuals, or government entities and regulated by the Internet Assigned Numbers Authority (IANA).  There are private, non-routable address blocks that cannot be registered such as 10.x.x.x (Class A), 127.x.x.x (loopback), 169.254.x.x (DHCP auto configuration), 172.16.x.x (Class B), and 192.168.x.x (Class C).

Use this document as a reference to private IP addresses: http://www.more.net/technical/netserv/tcpip/private.html
Check this website for info about IANA: http://www.iana.org/
Look here for registered address ranges: http://arin.net/

I would not recommend disabling NAT for several reasons:

1. No security - NAT very effectively hides the LAN side of your network.  An attacker can only see one address on the public side so they have no idea if you have only one machine or 10,000 machines on the LAN side.  They also can't see your private IP addressing scheme so spoofing will be more difficult.  Bottom line - the average "script kiddie" will just move on because you require too much work to hack.

2. Unless you are actually paying an ISP to use a range of registered IP addresses that they own or you own them yourself, you'd be "stealing" someone's property.

3. You could possibly run the risk of using duplicate IP addresses on the internet which would throw all kinds of things into disarray.

I hope this helps.  If you have any other questions let us know.

Regards,
Dave L.
0
 
Kane2002 (Author) Commented:
Hey,
thanks for the reply.

I'm not wanting to assign public IPs... it was just something that I wanted to know how it worked.

So let me get this right...

If I disabled NAT (not that I'm going to), for the computers inside the network to access the Internet, they would each have to be assigned a public IP?

Kane
0
 
plemieux72 Commented:
Yes, you got that right.
0
 
dramatix01 Commented:
That is very correct, yes.
0