Firewall Wizards mailing list archives
Re: NAT on router vs. firewall
From: Neil Pike <NeilPike () compuserve com>
Date: Wed, 15 Jul 1998 03:45:21 -0400
<< From: Bill_Royds () pch gc ca
How would you implement rules on firewall based on source address or destination address? The firewall would only see the NAT versions of IP numbers so would not have any basis other than port to filter.
781.321.6000 >>

Yes, the firewall only needs to see NAT'd addresses, but usually you have a one-to-one mapping for destination addresses inside your network, therefore you can apply rules just as tightly.

For traffic coming in from outside (e.g. the internet) usually you're not going to know the source address anyway, so I find it easier to translate these to a pool of NAT'd addresses so that the firewall then knows that anything coming in from 40.10.10.x (say) is actually an Internet address.

Neil Pike MVP/MCSE
Protech Computing Ltd
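The scheme described in the message above, as an added example that is not part of the original post: a policy written against real inside hosts is rewritten into the NAT'd addresses the firewall sees, and the source is classified by the translation pool. Only the 40.10.10.x pool comes from the post; the inside addresses, NAT'd addresses, ports and function names are constructed assumptions.

```python
import ipaddress

# Constructed addressing plan; only the 40.10.10.x pool comes from the post.
INTERNET_POOL = ipaddress.ip_network("40.10.10.0/24")
STATIC_NAT = {                      # real inside host -> NAT'd address the firewall sees
    "10.1.1.10": "172.16.5.10",     # web server (hypothetical)
    "10.1.1.25": "172.16.5.25",     # mail relay (hypothetical)
}
# Policy written against real hosts: (source class, real destination, port)
POLICY = [("internet", "10.1.1.10", 80), ("internet", "10.1.1.25", 25)]


def compile_rules(policy, static_nat):
    """Rewrite a real-address policy into the NAT'd addresses the firewall sees."""
    # Per-host rules stay as tight as the original only if the map is one-to-one.
    if len(set(static_nat.values())) != len(static_nat):
        raise ValueError("mapping is not one-to-one; per-host rules would merge")
    return [(src, ipaddress.ip_address(static_nat[dst]), port)
            for src, dst, port in policy]


def source_class(src):
    """Anything arriving from the translation pool originated on the Internet."""
    return "internet" if ipaddress.ip_address(src) in INTERNET_POOL else "other"


def permits(rules, src, dst, port):
    """Permit only on an exact rule match against NAT'd addresses; default deny."""
    key = (source_class(src), ipaddress.ip_address(dst), port)
    return any(rule == key for rule in rules)


RULES = compile_rules(POLICY, STATIC_NAT)

if __name__ == "__main__":
    for pkt in [("40.10.10.7", "172.16.5.10", 80),    # Internet -> web, allowed
                ("40.10.10.7", "172.16.5.25", 80),    # Internet -> mail host on 80, denied
                ("172.16.9.9", "172.16.5.10", 80)]:   # not from the pool, denied
        print(pkt, "permit" if permits(RULES, *pkt) else "deny")
```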
Current thread:
- NAT on router vs. firewall Gregory Blake (Jul 12)
- <Possible follow-ups>
- Re: NAT on router vs. firewall Bill_Royds (Jul 14)
- Re: NAT on router vs. firewall Neil Pike (Jul 14)
- Re: NAT on router vs. firewall Neil Pike (Jul 15)
- Re: NAT on router vs. firewall Bill_Royds (Jul 15)
- Re: NAT on router vs. firewall Neil Pike (Jul 17)
- Re: NAT on router vs. firewall Bill_Royds (Jul 19)