running out of ip addresses!

[kribo]

i'm new to this field and i was wondering,<br>
if you run out of ip addresses,<br>
whats the best way to get more ip?<br>
lets say you're only given 1 class "c"<br>
address.<br>
can you "supernet" or how does "n.a.t." work?<br>
<br>
<br>
thanks!

 

[jfk]

Native Address Translation (NAT) is how this is usually handled. The NAT protocol translates one IP address on a network to another IP address on another network. Most often implemented on a router or firewall, NAT takes private IP addresses and translates them using a pool of public addresses. See RFC 1631 for more information.<br>
<br>
What I've done is reserve about 10-12 addresses for routers, firewalls, and external servers (ftp/web/smtp) and place the remaining addresses in a pool for my firewall's NAT. I've used one of the reserved addresses for privately addressing my network behind the firewall. Most major firewall packages and routers support this protocol.<br>
<br>
I hope that helps...<br>
jfk

 

[trooper]

I assign each remote site two or three internal class 'C' ranges. At the firewall, each site is assigned one proxy (NAT) address for its assigned internal ranges. So Site-A will use 202.1.2.3/32 as a proxy for internal ranges 192.168.2.0/24 and 192.168.3.0/24; Site-B will use 202.1.2.4/32 as proxy for 192.168.4.0/24 and 192.168.5.0/24<br>
<br>
This makes it easy to narrow down traffic by center. In my internal DNS, I list the legal addresses as proxy1.domain.com and proxy2.domain.com, ect. . . By looking at the logs, I can see that proxy3.domain.com is all traffic from Site-C<br>
<br>
As far as masking down an address-range. You lose two addresses for each bit you add. I only cut subnets if I have to, and if they're on each side of a router that can't NAT. (Like Cabletron SSR's with the current code)