Re: NAT isn't a firewall Re: harbinger, Re: [midcom] WG scope/deliverabl

On Sat, Feb 03, 2001 at 10:50:08AM -0800, Grenville Armitage wrote:



Einar Stefferud wrote:
      [..]

had my own home system and discovered that I had no interest in being
totally visible and accessible at all times, especially when I was
not always around to monitor things.

So, now I am very happy behind my little XRouter NAT box, with an ISP
service out there where I can have a login shell  if I wish.


NAT doesn't primarily provide security, a firewall does. A firewall
doesn't have to do NAT. If you dont mind the number of IP addresses
you get from your ISP, install a smart firewall and ditch the NAT
box (or twiddle some config options in your Xrouter... whatever)


Although address obfuscation through combining NAT with your firewall
can provide a small amount of additional security.

...Scott

<Prev in Thread]

Current Thread

[Next in Thread>

Previous by Date:

Re: "redesign[ing] the architecture of the Internet", Dave Crocker

Next by Date:

Re: "redesign[ing] the architecture of the Internet", Keith Moore

Previous by Thread:

NAT isn't a firewall Re: harbinger, Re: [midcom] WG scope/deliverables, Grenville Armitage

Next by Thread:

Re: NAT isn't a firewall Re: harbinger, Re: [midcom] WG scope/deliverables, Jon Crowcroft

Indexes:

[Date] [Thread] [Top] [All Lists]