RE: [Firewalls] Help me understand servers behind NAT routers

From: Jayant Shukla (jshukla@trlokom.com)
Date: 11/07/02

• Next message: T@K: "Re: Norton 2003"
• Previous message: steven-b: "Re: Tiny Firewall 3"
• In reply to: : "Help me understand servers behind NAT routers"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

From: "Jayant Shukla" <jshukla@trlokom.com>
Date: Wed, 6 Nov 2002 20:55:30 -0800

> -----Original Message-----
> From: firewalls-admin@section5.cyberbase7.com [mailto:firewalls-
> admin@section5.cyberbase7.com] On Behalf Of Zaf
> Sent: Wednesday, November 06, 2002 8:33 PM
> To: firewalls@section5.cyberbase7.com
> Subject: [Firewalls] Help me understand servers behind NAT routers
>
> I recently got broadband and the day I got it I installed zonealarm.
> ZA flagged numerous apps as requesting server privliges (foggy memory
> says email, AV updater, ad blocking, file sharing). I removed the ZA
> but installed a cheapie (linksys) router with NAT. All these apps
> magically work behind the NAT, so I am a bit confused. Does the NAT
> expose these ports on the WAN side of the router? If so, I imagine
> these ports are a security risk. Since many of these programs are
> freeware, I imagine this would also be a nice place to install a
> trojan? A trojan installed in server software would to me appear to
> be the a good place, since you would allow this port to be open.
>
> Do I understand this properly?

As long as you do not put the computer in the DMZ or forward some ports
from the NAT to the computer, there is no worry.

All those programs are working from behind the NAT because you are
initiating the network connection from behind the NAT to outside. The
default policy on NATs is to drop all incoming network connections.

Regards,
Jayant
www.trlokom.com

---

• Next message: T@K: "Re: Norton 2003"
• Previous message: steven-b: "Re: Tiny Firewall 3"
• In reply to: : "Help me understand servers behind NAT routers"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages Static IP/Port Forwarding ... I recently was trying to install a program that required me to forward my NAT ... ports and also required me to keep a Static IP Address. ... unable to use MSN messanger. ... (microsoft.public.windowsxp.network_web) Messenger IP address ... I recently was trying to install a program that required ... me to forward my NAT ... ports and also required me to keep a Static IP Address. ... unable to use MSN messanger. ... (microsoft.public.windowsxp.messenger) IP ... I recently was trying to install a program that required me to forward my NAT ... ports and also required me to keep a Static IP Address. ... unable to use MSN messanger. ... (microsoft.public.windowsxp.general) Static IP/Forwarding Ports ... I recently was trying to install a program that required me to forward my NAT ... ports and also required me to keep a Static IP Address. ... unable to use MSN messanger. ... (microsoft.public.windowsxp.general) Help me understand servers behind NAT routers ... ZA flagged numerous apps as requesting server privliges (foggy memory ... expose these ports on the WAN side of the router? ... I imagine this would also be a nice place to install a ... (comp.security.firewalls)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Newsgroups  > comp.security.firewalls  > 2002-11