Linux.com

Re: I hate NAT :-)

Posted by: Anonymous Coward on January 27, 2004 07:25 AM
> NAT does not provide security?

Perhaps you can explain how my LAN hasn't been hacked in the last few years?

> To put it in Linux terms, the following setup provides the same security as NAT:

Didn't you just finish saying NAT does not pro...?

Can you also provide the code for opening port 80? Allowing ssh only from my LAN behind one public IP address (NAT) to my Apache server on another public IP address? Allowing access to ssh from my LAN to the outside world?

Where do I put the code? How do I enable it to run on every boot up? Do I then have to leave a workstation or server running instead of an appliance?

> But if you actually want to open up a port on the machine behind that firewall, it's easy. Doing so with NAT introduces extra complexity.

Gee, let's see... Open browser. That's a tough one. Enter IP address of appliance... getting tougher. Enter user name and password... can I spell?... hit forwarding tab... can I use a mouse?... enter port number to forward in first field... hit apply... double check... close browser... rocket science.

> NAT also complicates troubleshooting. Without NAT, you can sniff the traffic at any point along the path of the packet, and you should see the same picture. If you don't see the same picture, then you know where the problem is. But with NAT, the IP addresses involved change at a certain point, and in a busy network, it becomes difficult/impossible to disentangle the traffic generated by a particular machine.

Let's see... how best to answer above... LIAR!... that should do it.

> NAT also complicates tracking down the source of network abuse or other traffic that might need to be tracked. The IP address you see on the receiving end maps to many different potential sources, and the administrator of the source network likely has no way to determine which internal machine was responsible for it.

Once again, how best to answer above... oh yeah, LIAR!

That just about covers everything.

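The three rules the post asks for (port 80 open on the Apache host, ssh to that host only from the LAN, ssh from the LAN outward), as an added example that is not code from the thread or from Linux.com: a routed, stateful iptables firewall with no NAT at all. The interface names, the TEST-NET address ranges and the placement of the Apache host on a DMZ interface are assumptions.

```shell
#!/bin/sh
# Added example, not code from the Linux.com thread. Stateful, routed (no NAT)
# firewall answering the three requests in the post. Topology is assumed:
#   eth0 = internet, eth1 = LAN with routed public addresses (TEST-NET-3),
#   eth2 = DMZ holding the Apache host on its own public address (TEST-NET-2).
set -eu

WAN_IF=${WAN_IF:-eth0}
LAN_IF=${LAN_IF:-eth1}
DMZ_IF=${DMZ_IF:-eth2}
LAN_NET=${LAN_NET:-203.0.113.0/24}
WEB_SERVER=${WEB_SERVER:-198.51.100.80}

# Print the iptables commands for the FORWARD chain. Printing rather than
# running them lets the ruleset be reviewed first; pipe to sh to apply.
fw_rules() {
    ipt=${1:-iptables}
    cat <<EOF
$ipt -P FORWARD DROP
$ipt -F FORWARD
# Only replies to connections we started get back in: this is the whole of
# the "security" NAT gives, written as an explicit rule instead of a side effect.
$ipt -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
# 1. Port 80 on the Apache host, open to the world
$ipt -A FORWARD -i $WAN_IF -o $DMZ_IF -d $WEB_SERVER -p tcp --dport 80 -m state --state NEW -j ACCEPT
# 2. SSH to the Apache host only from the LAN (the source address is the real one, nothing rewrote it)
$ipt -A FORWARD -i $LAN_IF -o $DMZ_IF -s $LAN_NET -d $WEB_SERVER -p tcp --dport 22 -m state --state NEW -j ACCEPT
# 3. SSH from the LAN out to the internet
$ipt -A FORWARD -i $LAN_IF -o $WAN_IF -s $LAN_NET -p tcp --dport 22 -m state --state NEW -j ACCEPT
# 4. Any other outbound connection from the LAN (web browsing etc.), what a NAT box allows by default
$ipt -A FORWARD -i $LAN_IF -o $WAN_IF -s $LAN_NET -m state --state NEW -j ACCEPT
# Everything else, in particular unsolicited inbound, is logged and dropped by the policy
$ipt -A FORWARD -m limit --limit 5/min -j LOG --log-prefix "FW-DROP: "
EOF
}

# Count the rules that admit NEW connections; a reviewer checks that each
# one is a hole opened on purpose.
fw_count_new_rules() {
    fw_rules | grep -c -- '--state NEW'
}

case "${1:-show}" in
    show)  fw_rules ;;
    apply) fw_rules | sh ;;
    *)     echo "usage: $0 [show|apply]" >&2; exit 2 ;;
esac
```

To have it come back on every boot, save the applied ruleset with iptables-save and restore it with iptables-restore from whatever boot-time hook your distribution provides.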