Re: Filter Internet NAT Redirection
- From: roberson@xxxxxxxxxxxx (Walter Roberson)
- Date: Fri, 20 Oct 2006 00:48:45 GMT
In article <fkufj2d1rifpfitvblffti0ki8us7cqqdt@xxxxxxx>,
Nancy Pi Squared <weirdlinks@xxxxxxxxxxxxx> wrote:
Say I have a single computer, router, and modem.
I'll take it that you mean something like "DSL modem" rather than
Say my one computer has an ip address of 192.168.0.1
But my computer/router/modem ip address is 18.104.22.168
Say my computer is acting as a "server" for something.
Say that something is it's acting as an FTP server.
Say the router is not filtering NAT redirection.
Are you telling me that I can sit at my computer (server) at
192.168.0.1 to ftp 22.214.171.124 and that ftp request will go to the
router, to the modem, to the isp domain name server, and then loop
back to the modem, to the router, and finally back to the one computer
on my network that the router knows is at 126.96.36.199?
The router itself knows that its IP address is 188.8.131.52, so
the ftp request would go out from your computer to the router, which
would see that the destination was the same as the public IP of
the router, and so would rewrite the packet to be addressed to
192.168.0.1 and would send it back to the computer.
The ADSL modem and ISP DNS server would only be involved if you
were to ask for the resource by hostname and your computer's DNS
client asked the ISP DNS server to resolve the name and got told
your public IP address. The DNS request would go out via the ADSL
link to some server and come back again, but once the IP address of
the destination was known to your local computer, it would place
the ftp request by IP address, and your local router would
short-circuit the run.
Then I turn on the router option to filter NAT redirection.
I sit at my computer (server) at 192.168.0.1 to ftp 184.108.40.206 and
that ftp request will go to the router, to the modem, to the isp
domain name server, and then loop back to the modem, to the router,
and stop there never making it back to the computer only the router
knows is at 220.127.116.11?
No, if the filtering was on, then when the outgoing request reached
your router, your router would see that the public IP of the
destination was one handled by the router, and the router would deny
the request without allowing it out to the ISP.
- Prev by Date: Re: Filter Internet NAT Redirection
- Next by Date: Re: false portscan alarm
- Previous by thread: Re: Filter Internet NAT Redirection
- Next by thread: Cisco ASA 5510 vs. Juniter SSG 140