Re: NAT is not a mechanism for securing a network.. but.. HELP!
From: Nicky (hackeras_at_gmail.com)
Date: 08/28/05
Date: 28 Aug 2005 07:59:29 -0700
Leythos wrote:
> In article <1125227897.433705.252900@g44g2000cwa.googlegroups.com>,
> hackeras@gmail.com says...
> > Why did they add into NAT this "don't route inbound traffic capability"
> > that makes people believe that NAT is a firewall?
>
> They didn't "Add" anything to NAT, that's how it's supposed to work - if
> it doesn't know where to send the packets, they just die.

Aaah, yes....
That makes even clearer the fact that NATing isn't blocking anything but
instead isn't routing.

If the data coming to the router is a response to a previously
initiated connection from an internal host (and NAT sees that by
checking with its own NAT table, I guess by looking at whether the incoming
source ip:port of the packet matches the previously outgoing dest
ip:port of the packet that was sent) then translate the dest ip and
redirect the packet. That's one case of routing.

If an incoming packet comes requesting a connection (meaning no NAT
entry record) then look at the port forwarding rules. If you find that we
redirect the port that the inbound packet wants then also route.
That's the 2nd case of routing.

And third, if there is NO NAT entry record and NO port forwarding rule either, then
NAT doesn't know what to do with the packet and thus it doesn't route it but
simply ignores it. That's what most people, including me, mistakenly used
to believe: that this is blocking the inbound traffic, when it is just
NOT ROUTING the incoming packet. Correct?

> NAT has several modes, one of them is 1:1 NAT, meaning no port blocking,
> just map everything from 1 IP to another 1 IP, the method used in the
> NAT Routers you purchase for home use doesn't even include the ability
> to route multiple WAN IP's.

1:1 NAT = Static NAT = means 1 public ip address to 1 internal, right?
No need for ports here.
Dynamic NAT = 1 public ip address to many internal hosts. Here we need
port separation.

I would like to ask about the source port of the originating packet.
Let's say 10.0.0.1 wants to communicate with some remote web server and
we have Dynamic NAT because we have a lot of hosts in our LAN.
How does the NAT table look (in my case)?

10.0.0.1:(random port > 1024) <-> 10.0.0.1:(what port here? exactly the
same as 10.0.0.1's? or another random?) <-> remoteipaddress:80

Thanks!
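
The three inbound cases and the source-port question raised in this message, as an added example that is not part of the original post or thread: a toy model of a many-to-one NAT table. The addresses, the keep-the-port-if-free policy and the `strict_remote` switch are assumptions for illustration; real devices differ on both points.

```python
# Added illustration: toy many-to-one NAT (NAPT) table. All addresses are constructed.
from dataclasses import dataclass, field

PUBLIC_IP = "203.0.113.5"  # constructed WAN address (documentation range)

@dataclass
class Napt:
    strict_remote: bool = True   # assumption: inbound must come from a contacted ip:port
    out: dict = field(default_factory=dict)       # (int_ip, int_port) -> public port
    back: dict = field(default_factory=dict)      # public port -> (int_ip, int_port, remotes)
    forwards: dict = field(default_factory=dict)  # public port -> (int_ip, int_port)

    def outbound(self, int_ip, int_port, dst_ip, dst_port):
        """Translate an outgoing packet; return its public source (ip, port)."""
        key = (int_ip, int_port)
        if key not in self.out:
            port = int_port                  # assumption: keep the source port if free
            while port in self.back or port in self.forwards:
                port += 1                    # collision: take the next free port
            self.out[key] = port
            self.back[port] = (int_ip, int_port, set())
        pub_port = self.out[key]
        self.back[pub_port][2].add((dst_ip, dst_port))
        return PUBLIC_IP, pub_port

    def inbound(self, src_ip, src_port, dst_port):
        """Classify a packet arriving at PUBLIC_IP:dst_port -> (case, internal target)."""
        entry = self.back.get(dst_port)
        if entry:
            int_ip, int_port, remotes = entry
            if not self.strict_remote or (src_ip, src_port) in remotes:
                return "nat-entry", (int_ip, int_port)        # case 1
        if dst_port in self.forwards:
            return "port-forward", self.forwards[dst_port]    # case 2
        return "not-translated", None                         # case 3

def demo(strict_remote=True):
    nat = Napt(strict_remote=strict_remote)
    nat.forwards[8080] = ("10.0.0.9", 80)
    a = nat.outbound("10.0.0.1", 40000, "198.51.100.7", 80)
    b = nat.outbound("10.0.0.2", 40000, "198.51.100.7", 80)   # same source port
    return [a, b,
            nat.inbound("198.51.100.7", 80, 40000),   # reply from the web server
            nat.inbound("192.0.2.66", 4444, 8080),    # hits the forwarding rule
            nat.inbound("192.0.2.66", 4444, 40000),   # unrelated host, mapped port
            nat.inbound("192.0.2.66", 4444, 23)]      # no entry, no rule
```

With `strict_remote=False` the fifth packet is delivered to 10.0.0.1, which is why the translation table alone is not a filtering policy: whether unsolicited hosts can reach a mapped port depends on how the device matches entries, not on NAT as such.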