Is NAT a requirement for a internal network?

9860 pts.
External IP Addresses
Do we need to use Nat for our network if we have 5 computers and 7 useable IP addresses? Can we assign all the machines external IPs? Will this affect anything negatively?

Software/Hardware used:

Answer Wiki

Thanks. We'll let you know when a new response is added.

When you assign external IP addresses to your clients, you are exposing them to the wild world of the internet. This means that unless the clients have strong firewalls and are completely patched (even then there are 0-day exploits), it is likely the systems will be compromised very quickly. It is always best practice to have private addresses behind your firewall/gateway and let it do the NAT for you. Most of them will do it dynamically and no additional configuration is likely needed. If you need to expose a system using an IP address, be sure to expose ONLY the necessary service(s) and disable/block everything else on that host.

Discuss This Question: 3  Replies

There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when members answer or reply to this question.
  • Spadasoe
    Assign your computers through DHCP (or static if you want to) a private network address. If your one or more of your systmes need outside exposure, such as a public web server, you will need to assign an outside address and configure the NAT in your firewall/router.
    5,130 pointsBadges:
  • petkoa
    I do think that assignment of external / public / real (whatever you call them) to LAN PCs have nothing to do with security of the network. If you have a properly configured firewall between LAN and IN risks are not greater with public IPs. About DHCP - it is possible to dispose public IPs the same way you dispose private IPs. About split DNS - the same as for DHCP... Anyway, sooner or later we all shall migrate to IPV6 - and shall forget about the concept of private IPs... So, my bottom line is that whatever you chose - private IPs with NAT and decently configured firewall, or public IPs with decently configured firewall, make your provisions for easy configuration and flexibility (DHCP, split-DNS) - if you have just 2 spare public IPs there are all chances that youll exhaust them before migration to IPV6. Petko
    3,140 pointsBadges:
  • The Most-Watched IT Questions: November 2, 2010 - ITKE Community Blog
    [...] We’ve got the discussion going over at IT answers on whether NAT is a requirement for an internal network. Join Labnuke99, Spadasoe and Petkoa on sorting this one [...]
    0 pointsBadges:

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

To follow this tag...

There was an error processing your information. Please try again later.

Thanks! We'll email you when relevant content is added and updated.


Share this item with your network: