Re: home network behind NAT and firewall ?

From: Duane Arnold (notme_at_notme.com)
Date: 02/18/05


Date: Fri, 18 Feb 2005 12:49:22 GMT

Gerald Vogt <vogt@spamcop.net> wrote in
news:4215de44$0$972$44c9b20d@news2.asahi-net.or.jp:

> Duane Arnold wrote:
>> You can get yourself a cheap NAT router and make it the gateway
>> device for the WAN and LAN and let it be the ICS device for the
>> machines on the LAN.
>
> I would not recommend that. Why buy a NAT router that weakens the
> security when you can do it properly: use a firewall (or get a router
> that can be configured as real "firewall"). You don't need NAT and it
> only makes things harder. Get a firewall that blocks the in-coming
> traffic to the network and leaves the internal traffic regarding
> file-sharing etc. in the internal one. As the ISP does provide more
> than one IP address you don't need NAT.
>

The NAT router is no worse than using that XP FW - it's better. I could
have said go get a low-end WatchGuard like I use, but not everyone wants to
fork up that kind of cash. I was hoping a Hotbrick would be a viable
solution for this kind of situation but I have my doubts about the support
and its longevity. Anyway, the router provides the protection that the XP
FW is doing plus it gives the OP the ICS and he can dump the XP FW, since
he is having so much trouble trying to configure it on the machines for
networking.
 
One could supplement the NAT router with IPsec that's on the Win2k, XP, and
Win 2K3 O/S(s) with the AnalogX rules implementation that will allow
networking on the LAN and protect the machines.

http://www.analogx.com/contents/articles/ipsec.htm

Duane :)


