[134887] in North American Network Operators' Group
Re: Is NAT can provide some kind of protection?
daemon@ATHENA.MIT.EDU (Scott Helms)
Wed Jan 12 15:53:53 2011
Date: Wed, 12 Jan 2011 15:44:27 -0500
From: Scott Helms <khelms@ispalliance.net>
To: nanog@nanog.org
In-Reply-To: <20110112203116.GA9385@hiwaay.net>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
No it really doesn't. Thank you for leaving the key word when you
quoted me (configured). The difference is the _default_ behavior of the
two. NAT by _default_ drops packets it doesn't have a mapped PAT
translation for. Home firewalls do not _default_ to dropping all
packets they don't have a rule to explicitly allow. The behaviors when
configured by someone knowledgeable behave the in a similar fashion
(allowing packets that are configured to pass and dropping all others)
but end users don't do that as a rule.
On 1/12/2011 3:31 PM, Chris Adams wrote:
> Once upon a time, Scott Helms<khelms@ispalliance.net> said:
>> Few home users have a stateful firewall configured
> Yes, they do. NAT requires a stateful firewall. Why is that so hard to
> understand?
--
Scott Helms
Vice President of Technology
ISP Alliance, Inc. DBA ZCorum
(678) 507-5000
--------------------------------
Looking for hand-selected news, views and
tips for independent broadband providers?
Follow us on Twitter! http://twitter.com/ZCorum
--------------------------------
