Re: NAT on router vs. firewall
Neil Pike (NeilPike@compuserve.com)
Wed, 15 Jul 1998 03:45:21 -0400
<< From: Bill_Royds@pch.gc.ca
How would you implement rules on firewall based on source address or
destination address? The firewall would only see the NAT versions of
IP numbers so would not have any basis other than port to filter.
781.321.6000 >>
Yes, the firewall only needs to see NAT'd addresses, but usually you
have a one to one mapping for destination addresses inside your
network, therefore you can apply rules just as tightly. For traffic
coming in from outside (e.g. the internet) usually you're not going to
know the source address anyway, so I find it easier to translate these
to a pool of NAT'd addresses so that the firewall then knows that
anything coming in from 40.10.10.x (say) is actually an Internet
address.
Neil Pike MVP/MCSE
Protech Computing Ltd
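
The arrangement described in the message above, as an added example that is not part of the original post: a router applies one-to-one destination NAT and maps Internet sources into a pool, and the firewall then filters on the NAT'd addresses only. The 40.10.10.x pool is taken from the message; every other address, the rule set and all names are constructed for illustration.

```python
import ipaddress
from typing import NamedTuple, Optional

class Packet(NamedTuple):
    src: str
    dst: str
    dport: int

# Constructed sample values; only the 40.10.10.x pool comes from the post.
STATIC_DST = {"192.0.2.10": "10.1.1.10", "192.0.2.25": "10.1.1.25"}  # one-to-one
INTERNET_POOL = ipaddress.ip_network("40.10.10.0/24")

class RouterNat:
    """NAT done on the router, before the firewall sees the packet."""
    def __init__(self):
        self._free = iter(INTERNET_POOL.hosts())
        self.bindings = {}  # real Internet source -> pool address

    def translate(self, pkt: Packet) -> Optional[Packet]:
        dst = STATIC_DST.get(pkt.dst)
        if dst is None:
            return None  # no static mapping: nothing inside to reach
        if pkt.src not in self.bindings:
            free = next(self._free, None)
            if free is None:
                return None  # pool exhausted: drop rather than pass untranslated
            self.bindings[pkt.src] = str(free)
        return Packet(self.bindings[pkt.src], dst, pkt.dport)

    def real_source(self, pool_addr: str) -> Optional[str]:
        # Firewall logs show only pool addresses; attribution needs this table.
        return next((r for r, p in self.bindings.items() if p == pool_addr), None)

# Firewall rules written purely against NAT'd addresses; first match wins.
RULES = [
    (INTERNET_POOL, ipaddress.ip_network("10.1.1.25/32"), 25, "allow"),
    (INTERNET_POOL, ipaddress.ip_network("10.1.1.10/32"), 80, "allow"),
]

def firewall_decision(pkt: Packet) -> str:
    src, dst = ipaddress.ip_address(pkt.src), ipaddress.ip_address(pkt.dst)
    for src_net, dst_net, dport, action in RULES:
        if src in src_net and dst in dst_net and pkt.dport == dport:
            return action
    return "deny"  # default deny, including traffic not from the Internet pool
```

Because the firewall only ever logs pool addresses, the router's binding table has to be retained alongside the firewall logs if a connection is to be traced back to its real Internet source.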
This archive was generated by hypermail 2.0b3 on Sat Jul 17 1999 - 07:11:32 CDT