Why are so many people into NATing their network? Is there anything wrong with assigning public IPs as most DSL and cable providers do?
We block some ports at the router to keep out viruses and such and have had no problems with assigning public IPs.
Can’t NATing cause some problems with port sensitive applications?
I’m just curious because I see so much discussion about NAT.
Someone please enlighten me.
The NAT that folks are referring to is the NAT functionality in the SM’s. When NAT is enabled in the SM it performs the functions of a basic router. The newest version 8.1 has added some port mapping capability. 8.1.4 had some issues with NAT which were corrected in 8.1.5.1.
You can put a private IP in the WAN side of the SM however that creates a double NAT situation. For the average home user that’s not a problem and potentially helps protect them a little more.
Being a business provider, we use a public IP scheme for customer IP’s and private IP’s for the radios. 95% of the time the customer will have a SOHO router and the SM will just be a bridge. When we do implement NAT in the SM, we put the public IP in the WAN side.
We do the same. We use a 10.x.x.x for the radio’s IP, but do not use NAT, so the customer gets a public IP. Most home users wouldn’t know the difference if you turned NAT on, but I personally would never subscribe to an ISP that didn’t give me a public IP. Things I have personally found NAT to cause headaches for are things like File transfers on instant messengers, gaming, VPN, VoIP, torrents, and anything requiring an incoming connection, such as VNC, FTP, or any other services a person may wish to host. Yes you can port forward, but that requires more administration. If a user wants to connect more than one computer, we simply ask that they get a cheap linksys router, which does NAT.
dsginc wrote: Why are so many people into NATing their network? Is there anything wrong with assigning public IPs as most DSL and cable providers do?
Actually, most of the DSL deployments do NAT in the same way. The DSL "modem" is actually a router that has a PPPoE/oA client and it authenticates with the customer's user name and password, gets the public IP address, and then does DHCP and NAT on its Ethernet interface. Its only in the DOCSIS world that you see thousands and thousands of PC's with the public IP directly bound.
As the above poster noted, it can be issue for advanced users, but in general its better for you, your network, and definitely for you customers to NAT. That isn't to say you become a tyrant about it, we generally allow both methods but the default is NAT. If someone knows enough to ask for it, then they hopefully know enough to deal with the consequences of a direct connection to the public Internet.
Exactly my point of view, khelms. We NAT by default, but will very willingly put a public IP directly on client equipment if they request it and understand what the repercussions are. For most people, it’s essentially one more layer of protection from portscanners and worms. For my network, I now don’t have one giant bridged collision domain to deal with. NAT is very useful if it is well understood and used appropriately.