Date: Tue, 28 Mar 2000 14:56:15 -0800 From: "Brian O'Shea" <boshea@ricochet.net> To: Randy Bush <randy@psg.com> Cc: Kelly Yancey <kbyanc@posi.net>, freebsd-net@FreeBSD.ORG Subject: Re: Security of NAT "firewall" vs. packet filtering firewall. Message-ID: <20000328145615.B330@beastie.localdomain> In-Reply-To: <E12a411-0001UE-00@roam.psg.com>; from Randy Bush on Wed, Mar 29, 2000 at 07:29:11AM %2B0930 References: <20000328113534.W330@beastie.localdomain> <Pine.BSF.4.05.10003281436440.3162-100000@kronos.networkrichmond.com> <E12a411-0001UE-00@roam.psg.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, Mar 29, 2000 at 07:29:11AM +0930, Randy Bush wrote: > > NAT will effectively protect the boxes on your network. > > how? firewalls protect. nat merely translates addresses. Correct. And since there is no way for machines outside of my local network to know what internal addresses are being translated by my router, there is no way to address them from outside. Even if these addresses are known, there is no route to them from the internet; they are reserved for use by private networks: <http://info.internet.isi.edu:80/in-notes/rfc/files/rfc1918.txt>; So my network is logically isolated from the rest of the world, with the exception that internal machines can establish connections to external machines. -brian -- Brian O'Shea boshea@ricochet.net To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20000328145615.B330>