Organisations that don't use NAT

StinkyPinky

Diamond Member
Jul 6, 2002
6,883
1,095
126
For work I've come across a couple of large networks that don't appear to use NAT. Usually a university of some sort. All the clients tend to have a public non-private range (often class b) which I presume they purchased in bulk years ago when such things were easy to do.

I'm by no means a networking expert but why isn't this a security risk? Wouldn't that leave each client PC exposed directly to the internet? Is there some inherent advantage to not using NAT that I'm not aware of?
 

tomt4535

Golden Member
Jan 4, 2004
1,758
0
76
Even without NAT, there is presumably a firewall in place to restrict traffic in/out to the internet. Think about how IPv6 works. There is no NAT with IPv6, so every client will get a publicly routable internet IP. You can still restrict what IPs can talk between each other with a firewall or router ACL.
 

alkemyst

No Lifer
Feb 13, 2001
83,769
19
81
The only main danger is someone DDOSing a known IP or something like that....but there are measures that can be put in place.

With IPv6, NAT will be a dinosaur. Even your USB stick may have an address.
 

azazel1024

Senior member
Jan 6, 2014
901
2
76
NAT can still be done with IPv6 and still typically is if your ISP is supplying you with an IPv6 address.
 
Feb 25, 2011
16,888
1,535
126
The only main danger is someone DDOSing a known IP or something like that....but there are measures that can be put in place.

With IPv6, NAT will be a dinosaur. Even your USB stick may have an address.
nanobots.png


Heh.
 

yinan

Golden Member
Jan 12, 2007
1,801
2
71
I will believe IPv6 when I see it. No one wants to use that thing. The only reason we are "out" of IPs is people like the OP designed their networks wrong.
 

drebo

Diamond Member
Feb 24, 2006
7,034
1
81
NAT != security. It's security through obfuscation. NAT without any other services doesn't help you at all.

You can have stateful packet inspection, layer 7 inspection, IPS, IDS, etc, etc, all without requiring NAT.
 

RadiclDreamer

Diamond Member
Aug 8, 2004
8,622
40
91
As others are pointing out, NAT is NOT security. NAT is only for translating addresses to other addresses, it gives some security through obscurity but is no replacement for a true firewall.
 

RadiclDreamer

Diamond Member
Aug 8, 2004
8,622
40
91
I will believe IPv6 when I see it. No one wants to use that thing. The only reason we are "out" of IPs is people like the OP designed their networks wrong.

When I started at my current company they had a /22 block of IP addresses and were using some as internal addresses because someone designed it that way a long time ago (mid 90s). That promptly was changed at the earliest possible opportunity.