On 14 Nov 2011, at 18:52, "McCall, Gabriel" <gabriel.mcc...@thyssenkrupp.com> wrote:
> Chuck, you're right that this should not happen- but the reason it should not > happen is because you have a properly functioning stateful firewall, not > because you're using NAT. If your firewall is working properly, then having > public addresses behind it is no less secure than private. And if your > firewall is not working properly, then having private addresses behind it is > no more secure than public. In either case, NAT gains you nothing over what > you'd have with a firewalled public-address subnet. Well this is not quite true, is it.. If your firewall is not working and you have private space internally then you are a lot better off then if you have public space internally! So if your firewall is not working then having private space on one side is a hell of a lot more secure! As somebody else mentioned on this thread, a NAT box with private space on one side fails closed. -- Leigh ______________________________________________________________________ This email has been scanned by the MessageLabs Email Security System. For more information please visit http://www.messagelabs.com/email ______________________________________________________________________