Re: What's the difference between NAT and a FIREWALL?
From: Jens J. (zerog2k.ANTISPAM@yahoo.com)Date: 08/22/02
- Next message: Barry Simple: "Re: Daisy-chained LinkSys router problem"
- Previous message: Jens J.: "Re: What's the difference between NAT and a FIREWALL?"
- In reply to: Jens J.: "Re: What's the difference between NAT and a FIREWALL?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "Jens J." <zerog2k.ANTISPAM@yahoo.com> Date: Thu, 22 Aug 2002 07:03:27 GMT
PS if you really want to know the differences here, I suggest you get a book
about basic networking (so you understand the differences between hubs,
switches/bridges, routers, etc and where they fit on the OSI model) and then
learn up about TCP/IP protocol and more about the OSI model
A Cisco CCNA book will teach you all of that.
Jens (cant find a frickin network engineer job in Dallas) Jensen
MCP, CCNA
"Jens J." <zerog2k.ANTISPAM@yahoo.com> wrote in message
news:VY%89.243390$uj.375545@rwcrnsc51.ops.asp.att.net...
> you first need to understand a little bit about the OSI model to truely
> understand the differences, but I wont go into it fully here!!
>
> anyways:
> a router is just a router that routes TCP/IP traffic (at Layer 3: the
> network layer)
> NAT is network address translation: basically a router that routes between
> routable (public) addresses and non-routable (private) IP addresses. Nat
is
> most often used to make an entire range of private addresses (say a small
> company/home users) get on the internet with just one public IP address
from
> their ISP. This is address space conservation (since there arent many
public
> IP addresses available now). NAT also provides a measure of security,
since
> an outside user cant see the private (LAN) side users IP address, or
> otherwise communicate with it (unless the private address initiated the
> conversation). The outside user generally can only see the IP address of
the
> router.
>
> A firewall is any router (nat or not) that has rules on it that filter
> traffic. Example, a rule on a firewall might say only this outside address
> or range of addresses are allowed to connect to this particular internal
web
> server, and ignore all other communications (often called access control
> lists, filtering, etc) this is done by IP address and ports, and applied
per
> direction of traffic (all at layer 3/4)
>
> A proxy server is a server that acts as a router/firewall, but at a higher
level on
> the OSI model (usually layer 4/5)
> it inspects and filters traffic on an application level among other
things,
> rather than simply by addresses and ports
> proxy servers are used by large companies because they have more control
> over filtering content, type of traffic, etc, plus there are usually more
> logging and reporting features, and they can also limit by usernames,etc
>
>
>
> "T.A." <res0gyio@verizon.net> wrote in message
> news:1_W89.153$xN.81@nwrddc03.gnilink.net...
> > There are several terms that can be confusing in my opinion. They are
> NAT,
> > Firewall, and Proxy Server.
> >
> > Would someone please confirm that all my information is correct...? I
am
> > basically trying to come up with some comparisons. Comments are very
> > welcome!!!
> >
> > ***NAT...(Network Address Translation)***
> >
> > Is not a real firewall.
> >
> > Will respond to an outside ping because it does not truely block all
> ports.
> >
> > Will not work as good as a proxy server because it is not designed to
> share
> > "port routing" between multiple internal IP addresses. (as far as
> internal
> > web-browsing, etc)
> >
> > Will not allow logging.
> >
> > NAT is possible to get thru (like from a hacker)
> >
> > ***Firewall***
> >
> > It is a true firewall - unlike NAT.
> >
> > Will normally not respond to an outside ping command because it truely
> > blocks all port traffic.
> >
> > Can work just as well as a proxy server (as far as internal
web-browsing,
> > etc)
> >
> > Almost always has a logging feature
> >
> > Is pretty near impossible to hack into.
> >
> > ***Proxy Server***
> >
> > Acts like a firewall - probably not as secure as NAT or a real firewall.
> >
> > Will normally respond from an outside ping command.
> >
> > Works better than NAT as far as internal web-browsing, etc.
> >
> > Usually has a logging feature.
> >
> > Is possible to hack into depending on what software you use.
> >
> >
> >
> >
>
>
- Next message: Barry Simple: "Re: Daisy-chained LinkSys router problem"
- Previous message: Jens J.: "Re: What's the difference between NAT and a FIREWALL?"
- In reply to: Jens J.: "Re: What's the difference between NAT and a FIREWALL?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
