Central Firewall at KIT: Removing 1:1 NAT entries

1:1 NAT records of the NAT service will no longer be supported as of December 1, 2019. Computers require a public IP address for access from the Internet. The SCC supports the IT officers in the changeover.

Abschaffung der 1:1 NAT Records

The Network Address Translation Service enables computers at KIT with a private IP address to communicate with the Internet. The private IP address of a computer is converted into a public IP address by the NAT service.

For communication from the inside (KIT) to the outside (Internet), 1:N-NAT (many computers use the same public IP address) is used.
This service is not affected.

For communication from the outside (Internet) to the inside (KIT), 1:1 NAT (one dedicated public IP address per computer) is used.
This service is no longer supported as of December 1, 2019!

This means that from this point on, all systems that are to be accessible from outside the Internet must have a public IP address (public IP addresses at KIT have the form 129.13.x.x / 141.52.x.x / 141.3.x.x).

The IT experts had already been informed of this change in July 2018. The presentation will be repeated in one of the next IT expert circles at Campus South.

The SCC will approach the affected organizational units or their IT representatives and will be happy to help with the changeover.

The following timetable is currently planned:

  • from October 1, 2018: no more new 1:1 NAT entries
  • December 1, 2019: all remaining 1:1 NAT entries will be deleted

IT representatives are already welcome to take the initiative and contact netze∂scc.kit.edu if they have any questions.

_ _ _

NAT Service: https://www.scc.kit.edu/dienste/3751.php