Re: home network behind NAT and firewall ?

From: Leythos (void_at_nowhere.lan)
Date: 02/19/05


Date: Sat, 19 Feb 2005 00:24:34 GMT

On Sat, 19 Feb 2005 09:15:44 +0900, Gerald Vogt wrote:

> You should really read what you are answering to. The given scenario
> allows to avoid NAT, so you should do. Most people don't have the option
> and have to use NAT because they only have one IP address available. If
> you can have more, don't use NAT. NAT is a way to make holes into your
> firewall to allow responses to out-going requests. Why do you want to do
> that if you are not required to?

Gerald, I have 10 IP on my home service, and I run 4 subnets behind a real
Firewall appliance with more than 20 systems at any given time. My
firewall provides for the ability to assign both public (not nat) and
natted segments, but I use NAT since there is no benefit in running a
public IP on any of the systems.

My situation is different than most, I install firewalls for the networks
I design, I do this for medical centers, nursing homes, government groups,
commercial businesses, and for the occasional small shop.

The given scenario is a perfect example of why the op should have been
using a NAT solution - it would keep all the traffic related to their LAN
inside their network and it would never have to reach the ISP's device. It
would also protect the internal network from malicious external traffic.

> Anyway, taking my answering for a specific scenario and telling me to
> reconsider my position for home/small users is, well, ...

Well.... I considered your position and based on the information I had and
with the other post, I still suggest that you reconsider NAT for base
installations, even those with one IP and one computer. Use of a personal
firewall application, whether it's ZoneAlarm, Sygate, SP2 FW, etc... is
just an accident waiting to happen for any place that doesn't have a
security/firewall person on hand to monitor/set it up and maintain it.

Based on the OP's need to share files between two computers, a NAT ROUTER
solution is the perfect and optimal method. Anything that puts the two
computers on the public network is a security risk when File/Printer
sharing is enabled.

Even if you want to share files between two computers across the net, not
on the same ISP, file sharing using MS file sharing methods is still the
wrong path to take. The proper path would be to enable PPTP Passthrough on
the router and then configure the two remote machines to VPN to each other
through the routers (one would require port forwarding for PPTP).

I hate to sound like I'm about too, but none of us that do this for a
living, and those of us that have never had a compromised network/system,
would suggest running a Windows PC directly on the Internet with any type
of personal firewall as the only means of protection, at least not any of
us that get paid for solutions.

-- 
spam999free@rrohio.com
remove 999 in order to email me
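
The exposure discussed in the post above (File/Printer sharing on a machine that holds a public address versus one behind a NAT router) can be checked mechanically. This is an added example, not part of the original post; the function names and the sample listener and address data are constructed for illustration, and it only classifies IPv4 addresses, it does not inspect router port forwards.

```python
import ipaddress

# Address ranges that are not routed on the public Internet: RFC 1918 private
# space (what a NAT router hands out), loopback and link-local.
NON_PUBLIC = [ipaddress.ip_network(n) for n in
              ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
               "127.0.0.0/8", "169.254.0.0/16")]

# Microsoft File/Printer sharing: NetBIOS name/datagram/session and SMB over TCP.
FILE_SHARING = {("udp", 137), ("udp", 138), ("tcp", 139), ("tcp", 445)}


def is_public(addr):
    """True if addr falls outside every non-public range listed above."""
    ip = ipaddress.ip_address(addr)
    return not any(ip in net for net in NON_PUBLIC)


def exposed_file_sharing(listeners, host_addrs):
    """Return sorted (proto, port, public_addr) tuples for every file-sharing
    listener reachable on a public address of this host.

    listeners:  iterable of (proto, bind_addr, port)
    host_addrs: IPv4 addresses configured on the host's interfaces
    """
    findings = []
    for proto, bind_addr, port in listeners:
        if (proto, port) not in FILE_SHARING:
            continue
        # A wildcard bind answers on every configured address.
        reachable = host_addrs if bind_addr == "0.0.0.0" else [bind_addr]
        findings += [(proto, port, a) for a in reachable if is_public(a)]
    return sorted(findings)


# Constructed sample data. 203.0.113.0/24 is a documentation range standing in
# for an ISP-assigned public address.
LISTENERS = [("tcp", "0.0.0.0", 445), ("tcp", "0.0.0.0", 139),
             ("udp", "0.0.0.0", 137), ("tcp", "127.0.0.1", 631)]
DIRECT_ON_INTERNET = ["203.0.113.10"]   # PC holds the public address itself
BEHIND_NAT_ROUTER = ["192.168.1.20"]    # router holds it; PC gets RFC 1918

if __name__ == "__main__":
    for name, addrs in (("direct", DIRECT_ON_INTERNET),
                        ("nat", BEHIND_NAT_ROUTER)):
        print(name, exposed_file_sharing(LISTENERS, addrs))
```

On a real host the listener list would come from the operating system's socket table and the address list from the interface configuration.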