natting

carl_townshend · ‎06-22-2006

Hi all

can anyone please tell me what is the best or most used way of natting a server to be used on the internet etc, would you use a static nat and just use an access list to control port number access to the server, or would you just nat the ip and port number of the server, ie port forwarding ?

cheers

Carlos

desai.jaideep · ‎06-22-2006

Hi

According to me the usage depends on how much is your need for that IP.It is always advisable to enable NAT b'coz of security reasons.

Case I(Port Forwarding) :- I have only one IP and got 3 servers(http,ftp and mail), I will definately use port forwarding because of restriction.

Case II(1-1 binding):-As already mentioned, I have 3 servers and a whole bunch of IP pool to spare,I will definately bind one IP for each server and couple of ACLs will do the needfull.

I will not deny that the above defination is very crude in comparision to the foroum it has been posted in, but still thats my way of explaining it :)

Regards

JD

spremkumar · ‎06-22-2006

Hi

If you are more concerned on the security front then better place a PIX in front of the firewall and open the required port on that.

Or else you can do a static translations in which you can map the ports required for the services.(in other words on the ports where you want to run the application)..

regds