[97267] in North American Network Operators' Group
Re: Security gain from NAT (was: Re: Cool IPv6 Stuff)
daemon@ATHENA.MIT.EDU (Nicholas Suan)
Tue Jun 5 09:40:51 2007
Date: Tue, 5 Jun 2007 09:39:58 -0400
From: "Nicholas Suan" <nsuan@nonexiste.net>
To: "NANOG list" <nanog@nanog.org>
In-Reply-To: <MDEHLPKNGKAHNMBLJOLKMEGHEFAC.davids@webmaster.com>
Errors-To: owner-nanog@merit.edu
On 6/5/07, David Schwartz <davids@webmaster.com> wrote:
>
>
> Combined responses to save bandwidth and hassle (and number of times you
> have to press 'd'):
>
> --
>
> > Just because it's behind NAT, does not mean it's unreahcable from the
> internet:
>
> Okay, so exactly how many times do you think we have to say in this thread
> that by "NAT/PAT", we mean NAT/PAT as typically implemented in the very
> cheapest routers in their default configuration?
>
Even the cheapest routers have a 'DMZ' configuration option that adds
a rule that, by default, sends all the traffic to a particular host.
And using that is a fairly common solution to bypassing problems with
port forwarding and NAT.
