[Dshield] NAT: Secure?

Alan Frayer afrayer at frayernet.com
Thu Aug 28 14:06:19 GMT 2003


On Thu, 2003-08-28 at 00:31, Micheal Patterson wrote:

> I've always looked at NAT as a rudimentary stateful firewall personally as
> that's how it functions by design. You can circumvent this by placing what
> is called a static NAT map / translation that will redirect inbound traffic
> to say, port 25, to an internal machine on port 25.  Most of the cable/dsl
> routers have the ability to set up one static host entry to divert all
> traffic to the outside IP to one system internally. This option doesn't work
> if you have your services on multiple internal systems however.  In my
> opinion, NAT itself, is a good start, a NAT + firewall combination is always
> better since NAT will take any outbound traffic and create a dynamic link
> for it.

Would you put the firewall on the outside of the NAT, or on the inside?

________________________________________________________________________
Alan Frayer,CNE,CNI,CIW CI,MCP,Net+ - afrayer at frayernet.com
Seeking an IT Mgmt/Network Admin position in the Tampa Bay Region
If you would like to discuss an opportunity with me, please e-mail.





More information about the list mailing list