From owner-freebsd-net  Tue Mar 28 16:45:30 2000
Delivered-To: freebsd-net@freebsd.org
Received: from obie.softweyr.com (obie.softweyr.com [204.68.178.33])
	by hub.freebsd.org (Postfix) with ESMTP id 91D7B37BE61
	for <freebsd-net@FreeBSD.ORG>; Tue, 28 Mar 2000 16:45:27 -0800 (PST)
	(envelope-from wes@softweyr.com)
Received: from softweyr.com (Foolstrustidentd@obie.softweyr.com [204.68.178.33])
	by obie.softweyr.com (8.8.8/8.8.8) with ESMTP id RAA27706;
	Tue, 28 Mar 2000 17:45:14 -0700 (MST)
	(envelope-from wes@softweyr.com)
Message-ID: <38E1528B.974251A6@softweyr.com>
Date: Tue, 28 Mar 2000 17:47:07 -0700
From: Wes Peters <wes@softweyr.com>
Organization: Softweyr LLC
X-Mailer: Mozilla 4.7 [en] (X11; U; FreeBSD 3.3-RELEASE i386)
X-Accept-Language: en
MIME-Version: 1.0
To: Randy Bush <randy@psg.com>
Cc: Kelly Yancey <kbyanc@posi.net>, freebsd-net@FreeBSD.ORG
Subject: Re: Security of NAT "firewall" vs. packet filtering firewall.
References: <20000328113534.W330@beastie.localdomain>
		<Pine.BSF.4.05.10003281436440.3162-100000@kronos.networkrichmond.com> <E12a411-0001UE-00@roam.psg.com>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Randy Bush wrote:
> 
> > NAT will effectively protect the boxes on your network.
> 
> how?  firewalls protect.  nat merely translates addresses.

If you don't "forward" ports from the NAT box to internal boxes, there
is NO path from the outside to the inside.  Viola!  The internal boxes
are safe from attack.

-- 
            "Where am I, and what am I doing in this handbasket?"

Wes Peters                                                         Softweyr LLC
wes@softweyr.com                                           http://softweyr.com/


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-net" in the body of the message