Re: router firwalls?

From: CZ (CZ_at_no99spam.com)
Date: 04/08/04


Date: Thu, 08 Apr 2004 04:38:17 GMT


>> Nope. A router only does NAT (network address translation). Some people
classify NAT as a firewall, but it's not in my opinion. It's simply how a
router routes packets from external IP's (internet) to internal IP's (LAN).

Neo:

Router and NAT are two different concepts.
Router: does routing between two subnets via DA (destination address) and a
route table (OSI layer 3 only).
NAT as we use it: does one-to-many address translation via matching to a
port table (OSI layers 3 & 4).

And a stateless firewall: does packet filtering via packet header values
(OSI layers 3 & 4).

The problem is liberal usage of the word "router".

My Netgear RT314 "router" provides the functionality of all of the
following:
Router
NAT
Inbound and outbound stateless firewall rules on both interfaces

Note that I have used the RT314 with NAT disabled and it works as a basic
router, it allows communication between two subnets.



Relevant Pages

  • Re: New modem and iptables...
    ... The router performs firewall and NAT functions ... If you want to persuade me it's a modem, ... it's a router and _it_ has your public Internet address. ... It also does NAT (otherwise you couldn't have a private IP address on ...
    (Fedora)
  • Re: Would a firewall prevent Sasser worm?
    ... >> the same level of protection that I would have with any NAT router? ... >There are a variety of known attacks which can crash routers, ... >Firewall capability allows you to modify the NAT behaviour to allow selected ...
    (comp.security.misc)
  • Re: Would a firewall prevent Sasser worm?
    ... >> the same level of protection that I would have with any NAT router? ... >There are a variety of known attacks which can crash routers, ... >Firewall capability allows you to modify the NAT behaviour to allow selected ...
    (comp.security.firewalls)
  • Re: Would a firewall prevent Sasser worm?
    ... >> the same level of protection that I would have with any NAT router? ... >There are a variety of known attacks which can crash routers, ... >Firewall capability allows you to modify the NAT behaviour to allow selected ...
    (alt.computer.security)
  • Re: IP Addressing
    ... Address of the ISA server? ... firewall and router). ... On the firewall create a static NAT entry as I wrote ...
    (comp.dcom.sys.cisco)