Firewalls: Re: Re[2]: NT NAT

Firewalls
(January 1997)

Indexed By Thread: [Previous] [Next]

Subject:	Re: Re[2]: NT NAT
From:	lists @ lina . inka . de (Bernd Eckenfels)
Date:	Sat, 4 Jan 1997 05:01:32 +0100 (MET)
To:	dharris @ kcp . com
Cc:	firewalls @ GreatCircle . COM, ckn @ findata . se
In-reply-to:	<199701031957 . LAA20883 @ miles . greatcircle . com> from "dharris @ kcp . com" at Jan 3, 97 01:46:49 pm

Hello,

> Added security?  Only that extra security provided by not having your network's 
> addresses known to the 'net.  The NAT provides no extra protection from someone 
> "outside" who knows or deduces (from unparsed E-mail headers, perhaps) your 
> actual addresses.  It also provides no activity logging for later audit, at 
> least not as part of the NAT function.

This is not quite true. NAT can protect you from outisde cause it only
allows you to make connections from the inside to the outside. If you use
Linux Masquerading for example there is no way to reach an listening port of
the internal network from outside. This is sort of statefull connection
filtering.

Greetings
Bernd
--
  (OO)      -- Bernd_Eckenfels @
 Wittumstrasse13 .
 76646Bruchsal .
 de --
 ( .. )  ecki @
 {inka .
 de,linux.de,debian.org} http://home.pages.de/~eckes/
  o--o     *plush*  2048/93600EFD  eckes @
 irc  +4972573817  BE5-RIPE
(O____O)       If privacy is outlawed only Outlaws have privacy

References:

Re[2]: NT NAT
From: dharris @ kcp . com

Indexed By Date	Previous:	Re: NT NAT From: Darren Reed <avalon @ coombs . anu . edu . au>
Indexed By Date	Next:	Re: Re[2]: NT NAT From: Carl Karlsson <ckn @ findata . se>
Indexed By Thread	Previous:	Re[2]: NT NAT From: dharris @ kcp . com
Indexed By Thread	Next:	Re: Re[2]: NT NAT From: Carl Karlsson <ckn @ findata . se>