Assumptions
- For simplicity, I have assumed there are no internal servers or other devices that must be accessed by the outside world. In any circumstances where this is not the case, I believe the only secure solution is a properly configured hardware firewall. For more details on why NAT devices are not appropriate if you have Internet-accessible servers, please refer to Network Address Translation – Not a Security Panacea.
- I have assumed that all NAT will be outbound only. In other words, all network connections will be initiated from your internal protected network, and no connections will be allowed in unless they are a response to a request starting in your internal network. This goes back to the assumption that you are not running servers.