Firewall Wizards mailing list archives
RE: NAT Pseudo Security
From: "Daniel Chemko" <dchemko () smgtec com>
Date: Thu, 6 May 2004 09:51:07 -0700
David Lang wrote:
> The ready availability and deployment of Linux on low end router type devices is making it so that when many people talk about the capabilities of NAT they include PAT (port address translation, masquerading, etc) because they don't even realize that this is a different beast than the traditional NAT. (for that matter, for several releases of linux the kernel only knew how to do PAT, NAT is a relatively recent addition)
FYI: 199x Linux 2.2 had primitive versions of both PAT & NAT. 2001 Linux 2.4+ can do pretty much anything you throw at it. For 2.4, you can even get more powerful features if you know how to apply them. For my firewall, I use L4 policy routing which seems to be unavailable in any of the 'appliance' firewalls I've looked at. Mind you, my budget is a lot thinner than a dollar bill :-)
> while egress filtering is important for many reasons, the simple step of blocking inbound connections is a great beginning.
Isn't the example you describe INGRESS filtering?
Egress == Out
Ingress == In
But yes, egress filtering is important when you can't anally control the environment you're working in. Even if you can control the machines, there is still the risk that something'll slip through.