Skip site navigation (1)Skip section navigation (2)
Date:      Tue, 28 Mar 2000 14:56:15 -0800
From:      "Brian O'Shea" <boshea@ricochet.net>
To:        Randy Bush <randy@psg.com>
Cc:        Kelly Yancey <kbyanc@posi.net>, freebsd-net@FreeBSD.ORG
Subject:   Re: Security of NAT "firewall" vs. packet filtering firewall.
Message-ID:  <20000328145615.B330@beastie.localdomain>
In-Reply-To: <E12a411-0001UE-00@roam.psg.com>; from Randy Bush on Wed, Mar 29, 2000 at 07:29:11AM %2B0930
References:  <20000328113534.W330@beastie.localdomain> <Pine.BSF.4.05.10003281436440.3162-100000@kronos.networkrichmond.com> <E12a411-0001UE-00@roam.psg.com>

next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, Mar 29, 2000 at 07:29:11AM +0930, Randy Bush wrote:
> > NAT will effectively protect the boxes on your network.
> 
> how?  firewalls protect.  nat merely translates addresses.

Correct.  And since there is no way for machines outside of my local
network to know what internal addresses are being translated by my
router, there is no way to address them from outside.  Even if these
addresses are known, there is no route to them from the internet;
they are reserved for use by private networks:
<http://info.internet.isi.edu:80/in-notes/rfc/files/rfc1918.txt>;

So my network is logically isolated from the rest of the world, with
the exception that internal machines can establish connections to
external machines.

-brian

-- 
Brian O'Shea
boshea@ricochet.net


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-net" in the body of the message




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20000328145615.B330>