Re: [Firewalls] Help me understand servers behind NAT routers
From: Melinda Shore (shore@panix.com)Date: 11/07/02
- Next message: : "Re: Constant traffic reported - 1 attachment"
- Previous message: Jayant Shukla: "RE: [Firewalls] Help me understand servers behind NAT routers"
- In reply to: Jayant Shukla: "RE: [Firewalls] Help me understand servers behind NAT routers"
- Next in thread: Jayant Shukla: "RE: [Firewalls] Help me understand servers behind NAT routers"
- Reply: Jayant Shukla: "RE: [Firewalls] Help me understand servers behind NAT routers"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: shore@panix.com (Melinda Shore) Date: 7 Nov 2002 14:10:55 -0500
In article <mailman.1036695545.16086.firewalls@section5.cyberbase7.com>,
Jayant Shukla <jshukla@trlokom.com> wrote:
>I will ask you again, did I or did I not address the original posters
>question? In your mail you implied that my response was incorrect and
>turned this into a NAT v/s a firewall issue. Once again, the prime
>concern of the original poster was about exposed ports on the WAN side.
You gave an incomplete answer. If you're unfamiliar with an
area it's often difficult to frame a question, and if you
have a little bit of information you'll tend to frame the
question in terms of that tidbit. If someone comes to you
and asks "Does stainless steel conduct electricity?" they
may be asking out of curiosity, they may be asking because
they're doing a science experiment, or they may be asking
because they saw a smoking toddler lying on the floor in
front of an electrical outlet, grasping a fork, and they
wanted to know what happened.
So, when someone asks "are these ports exposed?" it's a
pretty safe bet that they want to control whether or not
they are, and there are several answer to that question,
including don't run servers and use a firewall. Indeed, a
firewall is a better answer to that question than a NAT is,
in that it can completely disallow access or it can allow
or disallow access on the basis of factors like source
address or range of source addresses.
>Did you know that Barbara had asked us to submit a draft for NAT
>traversal?
When someone is carrying on about something or other it's
SOP to ask them to write it up as an ID and submit it.
That's the way the IETF works.
--
Melinda Shore - Software longa, hardware brevis - shore@panix.com
If you send me harassing email, I'll probably post it
- Next message: : "Re: Constant traffic reported - 1 attachment"
- Previous message: Jayant Shukla: "RE: [Firewalls] Help me understand servers behind NAT routers"
- In reply to: Jayant Shukla: "RE: [Firewalls] Help me understand servers behind NAT routers"
- Next in thread: Jayant Shukla: "RE: [Firewalls] Help me understand servers behind NAT routers"
- Reply: Jayant Shukla: "RE: [Firewalls] Help me understand servers behind NAT routers"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
