Re: Help! 1 to 1 NAT on Linksys RV082 opens up firewall!

From: Duane Arnold (notme_at_notme.com)
Date: 02/13/04


Date: Fri, 13 Feb 2004 18:08:49 GMT

jimdawson@myrealbox.com (Jim Dawson) wrote in
news:e1f9bda.0402130451.1fbf919b@posting.google.com:

> I am trying to set up 1 to 1 NAT on a linksys RV082 router. I have the
> need to access a few computers over the internet using specific ports.
> I configured 1 to 1 NAT on the RV082 and I was able to access the
> device on the LAN side of the router but it apparently removed all
> firewall protection in the process. I was able to ping IP address,
> connect to a Windows share, and even establish a pcAnywhere connection
> without defining any firewall rules to let me do so. I double checked
> and the firewall was enabled on the device. I am using the default
> firewall rules: Allow all traffic from LAN -> WAN, deny all traffic
> WAN -> LAN.
>
> According to the manual: "One to one NAT does not change the firewall
> functions work. Access to machines on the LAN from the Internet will
> not be allowed unless Network Access Rules are set, or Authenticated
> user sessions are established"

I just read a little bit of the user manual on this device. This one to
one NAT feature looks to be opening access to private side IP(s) behind
the router to the public Internet. I think when you do this mapping, the
protection of the router using SPI and the router's protection for those
IP(s) being mapped to are out of the picture and the machine is wide open to
the Internet. The other machines on the LAN side that this 1 to 1 NAT is not
being done for are still protected by the SPI and the router.

It's the same thing with me doing Port Forwarding of ports to a LAN IP on
my Linksys BEFW11S4 router. When I do that mapping I have to have a host
based FW on the machine setting rules on the machine as to what public
IP(s) can access the machine on the inbound ports to the machine.

I could be wrong, but you may have to do the same with any LAN side
IP/machine that this one to one NAT is enabled on and protecting it with
a host based FW. I am talking like with BlackIce, ZA, Sygate, etc, etc.
or if using IPsec that's on the Win2K and XP O/S(s) you can do it as well
to protect the machine.

Duane :)
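The host-based rule set Duane describes (only named public IPs may reach the inbound ports of a machine that 1 to 1 NAT has exposed, everything else dropped, replies to the host's own connections allowed) as an added example in Python; it is not code from the thread or from Linksys, and the rule syntax, the admin addresses (198.51.100.10, 203.0.113.0/28) and the pcAnywhere port numbers (TCP 5631, UDP 5632) are assumptions made for the illustration:

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    port: int
    proto: str
    sources: tuple  # ip_network objects allowed to reach this port


def parse_rules(lines):
    """Parse constructed 'proto/port from cidr, cidr' lines into Rule objects."""
    rules = []
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        spec, _, srcs = line.partition(" from ")
        proto, port = spec.split("/")
        nets = tuple(ipaddress.ip_network(s.strip(), strict=False)
                     for s in srcs.split(","))
        rules.append(Rule(int(port), proto.lower(), nets))
    return rules


def inbound_allowed(rules, src_ip, dst_port, proto, established=False):
    """Default-deny inbound policy for the exposed host.

    The router's SPI no longer covers a 1:1 NAT'd host, so the host itself
    tracks its own outbound connections (established=True means the packet
    is a reply to one the host opened) and otherwise only admits a packet if
    some rule names its destination port, protocol and source address.
    """
    if established:
        return True
    ip = ipaddress.ip_address(src_ip)
    return any(r.port == dst_port and r.proto == proto.lower()
               and any(ip in net for net in r.sources) for r in rules)


# Constructed policy: pcAnywhere and Windows file sharing only from
# hypothetical admin addresses; nothing else is reachable from the Internet.
POLICY = parse_rules("""
# pcAnywhere: TCP 5631 data channel, UDP 5632 status channel
tcp/5631 from 198.51.100.10/32, 203.0.113.0/28
udp/5632 from 198.51.100.10/32, 203.0.113.0/28
# Windows share (SMB over TCP 445) only from the office range
tcp/445 from 203.0.113.0/28
""".splitlines())
```

Ports not listed in the policy (and listed ports from any other source) are dropped, which is the protection the router stopped providing once the mapping was in place.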
