Re: What's the difference between NAT and a FIREWALL?

From: Jens J. (zerog2k.ANTISPAM@yahoo.com)
Date: 08/22/02

• Next message: Jens J.: "Re: What's the difference between NAT and a FIREWALL?"
• Previous message: : "Re: smb PDC w/ Win2000 clients- how to allow for local Admin, but domain USER access"
• In reply to: : "What's the difference between NAT and a FIREWALL?"
• Next in thread: Jens J.: "Re: What's the difference between NAT and a FIREWALL?"
• Reply: Jens J.: "Re: What's the difference between NAT and a FIREWALL?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

From: "Jens J." <zerog2k.ANTISPAM@yahoo.com>
Date: Thu, 22 Aug 2002 06:59:01 GMT

you first need to understand a little bit about the OSI model to truely
understand the differences, but I wont go into it fully here!!

anyways:
a router is just a router that routes TCP/IP traffic (at Layer 3: the
network layer)
NAT is network address translation: basically a router that routes between
routable (public) addresses and non-routable (private) IP addresses. Nat is
most often used to make an entire range of private addresses (say a small
company/home users) get on the internet with just one public IP address from
their ISP. This is address space conservation (since there arent many public
IP addresses available now). NAT also provides a measure of security, since
an outside user cant see the private (LAN) side users IP address, or
otherwise communicate with it (unless the private address initiated the
conversation). The outside user generally can only see the IP address of the
router.

A firewall is any router (nat or not) that has rules on it that filter
traffic. Example, a rule on a firewall might say only this outside address
or range of addresses are allowed to connect to this particular internal web
server, and ignore all other communications (often called access control
lists, filtering, etc) this is done by IP address and ports, and applied per
direction of traffic (all at layer 3/4)

A proxy server is a server that acts as a router, but at a higher level on
the OSI model (usually layer 4/5)
it inspects and filters traffic on an application level among other things,
rather than simply by addresses and ports
proxy servers are used by large companies because they have more control
over filtering content, type of traffic, etc, plus there are usually more
logging and reporting features, and they can also limit by usernames,etc

"T.A." <res0gyio@verizon.net> wrote in message
news:1_W89.153$xN.81@nwrddc03.gnilink.net...
> There are several terms that can be confusing in my opinion. They are
NAT,
> Firewall, and Proxy Server.
>
> Would someone please confirm that all my information is correct...? I am
> basically trying to come up with some comparisons. Comments are very
> welcome!!!
>
> ***NAT...(Network Address Translation)***
>
> Is not a real firewall.
>
> Will respond to an outside ping because it does not truely block all
ports.
>
> Will not work as good as a proxy server because it is not designed to
share
> "port routing" between multiple internal IP addresses. (as far as
internal
> web-browsing, etc)
>
> Will not allow logging.
>
> NAT is possible to get thru (like from a hacker)
>
> ***Firewall***
>
> It is a true firewall - unlike NAT.
>
> Will normally not respond to an outside ping command because it truely
> blocks all port traffic.
>
> Can work just as well as a proxy server (as far as internal web-browsing,
> etc)
>
> Almost always has a logging feature
>
> Is pretty near impossible to hack into.
>
> ***Proxy Server***
>
> Acts like a firewall - probably not as secure as NAT or a real firewall.
>
> Will normally respond from an outside ping command.
>
> Works better than NAT as far as internal web-browsing, etc.
>
> Usually has a logging feature.
>
> Is possible to hack into depending on what software you use.
>
>
>
>

---

• Next message: Jens J.: "Re: What's the difference between NAT and a FIREWALL?"
• Previous message: : "Re: smb PDC w/ Win2000 clients- how to allow for local Admin, but domain USER access"
• In reply to: : "What's the difference between NAT and a FIREWALL?"
• Next in thread: Jens J.: "Re: What's the difference between NAT and a FIREWALL?"
• Reply: Jens J.: "Re: What's the difference between NAT and a FIREWALL?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages Re: Using a Linksys router, should I also use Zonealarm? Internet Acceptable Use Policy ... my browser's access to the Internet is restricted. ... I thought it was the company's firewall extending a slap on my ... > public internet to access corporate network. ... > NAT is Network Address Translation. ... (microsoft.public.security) Re: Whats the difference between NAT and a FIREWALL? ... > a router is just a router that routes TCP/IP traffic (at Layer 3: ... > NAT is network address translation: basically a router that routes between ... a rule on a firewall might say only this outside address ... > A proxy server is a server that acts as a router/firewall, ... (comp.security.firewalls) Re: Cascading firewalls ... >> Smoothwall NIC running to a switch and to have all the other PCs on the LAN, ... >> in the firewall to restrict outward access to proxy only. ... it would be better to have the proxy server segmented from the ... Internet ... (comp.security.firewalls) Re: Windows as Proxy Server vs. other firewall approaches..... ... > I'm trying to read up on comparing a Windows-based proxy server (such as ... > WinProxy) with NAT routers with stateful packet inspection. ... > Is a transparent proxy server setup any better than a NAT router? ... which all have private internal IP addresses not visible on the Internet. ... (microsoft.public.windowsxp.network_web) Re: Please Help me to block the hackers ... It's typical to use a firewall and NAT with private IP address ranges. ... NAT device in order to reach the internet. ... (microsoft.public.security)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(14)