[134883] in North American Network Operators' Group
Re: Is NAT can provide some kind of protection?
daemon@ATHENA.MIT.EDU (Jack Bates)
Wed Jan 12 15:42:08 2011
Date: Wed, 12 Jan 2011 14:36:14 -0600
From: Jack Bates <jbates@brightok.net>
To: Scott Helms <khelms@ispalliance.net>
In-Reply-To: <4D2E0B77.9060504@ispalliance.net>
Cc: nanog@nanog.org
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On 1/12/2011 2:13 PM, Scott Helms wrote:
> Until someone makes an effort to create either a DMZ entry or starts
> doing port forwarding all (AFAIK) of the common routers will drop
> packets that they don't know where to forward them.
This can be easily implemented in stateful firewalls for home routers.
The code is almost identical to NAT, just no address mangling. I suspect
that v4 NAT and v6 stateful inspection will actually use the same code
in many cases.
Not to say NAT doesn't have other uses, but they generally are useful
for enterprise networks or sometimes service providers, not home routers.
Jack
