OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
Subject: Re: [suse-security] How FW-Router w/o masquerading ?
From: systemxmadmail.com
Date: Mon Oct 16 2000 - 03:15:17 CDT

On Tue, 10 Oct 2000 20:47:54 +0800, you wrote:

>To answer your question re security and PAT (You are almost certainly running
>PAT and not NAT) Yes, PAT for the most part only allows outgoing connections
>with the exception of DNS and someother UDP connections. (UDP is connectionless
>and as such is tricky to NAT/PAT/Masquerade/Firewall)

 Two Qs:

1) What's the difference between PAT and NAT?
2) I'd like some more information about how secure is a (private-IP)
intranet behind a router performing NAT/PAT or similar (which obviusly
has got a real IP address). My personal thoughts are that if the NAT
device isn't implementing any port forwarding to any internal machine,
the said machine is safe. Correct? So, the intranet would be safe for
external attacks (supposing router access is not granted and its
configuration is safe from hackers) without needing a fw or
router-filters, isn't it? Am I missing some interesting
 points?

 Regards.

---------------------------------------------------------------------
To unsubscribe, e-mail: suse-security-unsubscribesuse.com
For additional commands, e-mail: suse-security-helpsuse.com