[WEB4LIB] Fire walls and multiple IP addresses - can they be?
Eric Holt
eholt at cals.lib.ar.us
Fri Jan 18 14:19:45 EST 2002
The short answer is yes, you can use individual public IP addresses for
each of your machines through a firewall. The reason for this is that it's
not really the firewall that is making all of your computers look like they
are coming from one IP address.
Apparently your organization is running through a proxy server or a router
with NAT address translation, and that's what is making all of the
computers share an IP address--this has nothing to do with the firewall
itself. There is no reason why you have to share an IP address like that
in order for the firewall to work correctly, but many organizations do this
so that they can keep their internal machines on private IP addresses as an
additional security measure.
Even so, it's possible to go through a proxy server/NAT and have your
department appear to be coming from one IP address and the rest of the FDA
from another. There is no technical reason that it can't be done; you
just have to convince someone to re-configure things that way.
Good luck!
Eric Holt
Manager, Computer and Network Services
Central Arkansas Library System
100 Rock St.
Little Rock, AR 72201
(501) 918-3060
At 10:51 AM 1/18/2002 -0800, you wrote:
>For several years now, we have been trying to work our way out of a problem.
>Most of the vendors want to sell us services and subscriptions that limit
>access to our FDA Center by IP address. However, since all of FDA has the
>same IP address as a result of its fire wall configuration, we have problems
>with individual vendors. Some will go along with it and others want us to
>pay for all of FDA. Since we are the only center to use some engineering
>and science sources, this is difficult to sell to our superiors.
>
>However the point of this question is to get up to date on fire wall
>technology. I was told the year before last that our technology (I think it
>is called Raptor) would be able to deliver more than one IP address to an
>organization. Since then, with some looking on my part, I have not seen if
>this is possible or not. Nobody in FDA had mentioned this and those who run
>our fire wall are not convinced that it would be of value to have more than
>one IP address. Not so far as I know, at my position many levels below.
>
>Is it a reasonable and "easy" process to have a fire wall now which can
>allow individual areas to have individual IP addresses?
>
>Or is there another solution to this problem?
>
>We have tried passwords, but that is another tale of pain and woe.
>
>I understand that some libraries don't even worry about it, but we want to
>stay honest.
>
>Thanks,
>
>Gary Masters
>
>
>
>Gary E. Masters
>Librarian (Systems)
>CDRH - FDA
>(301) 827-6893
Eric Holt
Manager, Computer and Network Services
Central Arkansas Library System
100 Rock St., Little Rock AR 72201
(501) 318-3060
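
The source-based address translation described in the reply above, modeled as an added example (not part of the original message): a department subnet is mapped to its own public address while the rest of the organization keeps the shared one, and a vendor's IP-based license check is run against the result. The subnets, public addresses and function names are all constructed for illustration.

```python
import ipaddress

# Constructed policy: internal source range -> public address used after NAT.
# All addresses are made up (RFC 1918 inside, RFC 5737 documentation range outside).
NAT_RULES = [
    ("10.0.0.0/8", "203.0.113.1"),     # whole organization (default mapping)
    ("10.20.30.0/24", "203.0.113.2"),  # one department gets its own public address
]


def translate(src, rules=NAT_RULES):
    """Return the public source address a remote site sees for an internal host.

    The most specific matching range wins, so the department rule overrides
    the organization-wide rule even though both ranges contain the host.
    """
    addr = ipaddress.ip_address(src)
    best = None
    for cidr, public in rules:
        net = ipaddress.ip_network(cidr)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, public)
    if best is None:
        raise LookupError(f"no NAT rule covers {src}")
    return best[1]


def vendor_allows(src, licensed_ips):
    """Model a vendor that licenses access by the source IP it observes."""
    return translate(src) in licensed_ips


if __name__ == "__main__":
    licensed = {"203.0.113.2"}  # vendor licenses only the department's address
    for host in ("10.20.30.15", "10.40.1.7"):
        print(host, "->", translate(host), "allowed:", vendor_allows(host, licensed))
```

This model picks the most specific matching range; on a device that evaluates NAT rules in order and stops at the first match, the department rule has to be placed ahead of the organization-wide rule to get the same result.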