NAT or NAT + Firewall - is it just emperor's new clothes? - Firewalls


Thread: NAT or NAT + Firewall - is it just emperor's new clothes?

  1. NAT or NAT + Firewall - is it just emperor's new clothes?

    Something I often hear/read is that on a network that is connected to a NAT
    router that there ought to be a firewall between the internet and the NAT
    router. Personally I'm sceptical, but can anyone give me a reason why that
    would be desirable?

    Thanks.
    --
    Brian Cryer
    www.cryer.co.uk/brian



  2. Re: NAT or NAT + Firewall - is it just emperor's new clothes?

    In article , brian.cryer@
    127.0.0.1.ntlworld.com says...
    > Something I often hear/read is that on a network that is connected to a NAT
    > router that there ought to be a firewall between the internet and the NAT
    > router. Personally I'm sceptical, but can anyone give me a reason why that
    > would be desirable?


    NAT is a method of Routing traffic, from one network to another. In the
    case of these home/residential grade devices they offer a method to take
    1 IP (public) and allow MANY nodes (LAN/Private) to share it.

    A firewall may or may not implement NAT, and certainly doesn't have to
    do a 1:MANY solution, and could be completely transparent.

    Many firewalls have additional firewall features that allow them to
    determine if (say you have a HTTP rule) TCP port 80 is being used for
    HTTP communications or some other communications and block the "some
    other". Many firewalls have features to inspect the traffic and remove
    malformed content or undesired content from the session.

    A firewall can detect attacks and block them properly.

    A firewall can block ranges of ports in and out of your network.

    A firewall often allows for Branch Office VPN setups between locations.

    The biggest difference between a firewall and a NAT Router is that the
    Firewall will block outbound connections and a NAT Router often has no
    method to block outbound or has limited ability to block outbound - in
    addition to the larger ability to detect attacks and block them.

    --

    Leythos
    - Igitur qui desiderat pacem, praeparet bellum.
    - Calling an illegal alien an "undocumented worker" is like calling a
    drug dealer an "unlicensed pharmacist"
    spam999free@rrohio.com (remove 999 for proper email address)
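
The contrast drawn in the post above, as an added example that is not part of the original thread: a simplified model of a 1:many NAT router next to a firewall that also applies an egress policy. All addresses, ports and the allow list are constructed assumptions.

```python
from dataclasses import dataclass, field

PUBLIC_IP = "203.0.113.10"  # constructed address (documentation range)
DROP = ("drop", None, None)

@dataclass
class NatRouter:
    """1:many source NAT: every outbound flow gets a mapping, inbound needs one."""
    next_port: int = 40000
    table: dict = field(default_factory=dict)  # (proto, public port) -> flow

    def outbound(self, lan_ip, lan_port, dst_ip, dst_port, proto="tcp"):
        pub = self.next_port
        self.next_port += 1
        self.table[(proto, pub)] = (lan_ip, lan_port, dst_ip, dst_port)
        return ("forward", PUBLIC_IP, pub)

    def inbound(self, src_ip, src_port, pub_port, proto="tcp"):
        flow = self.table.get((proto, pub_port))
        if flow and flow[2:] == (src_ip, src_port):
            return ("forward", flow[0], flow[1])  # reply to a LAN-initiated flow
        return DROP  # no mapping: the router has no LAN host to deliver to

@dataclass
class Firewall(NatRouter):
    """Same NAT plus an egress policy: default deny, explicit allow list."""
    allow: frozenset = frozenset({("tcp", 80), ("tcp", 443), ("udp", 53)})

    def outbound(self, lan_ip, lan_port, dst_ip, dst_port, proto="tcp"):
        if (proto, dst_port) not in self.allow:
            return DROP  # blocked before any NAT mapping is created
        return super().outbound(lan_ip, lan_port, dst_ip, dst_port, proto)

def compare():
    """Run the same constructed flows through both devices."""
    out = {}
    for name, dev in (("nat_router", NatRouter()), ("firewall", Firewall())):
        host = "192.168.1.20"
        out[name] = {
            "https_out": dev.outbound(host, 51000, "198.51.100.7", 443)[0],
            "https_reply_in": dev.inbound("198.51.100.7", 443, 40000)[0],
            "unlisted_port_out": dev.outbound(host, 51001, "198.51.100.9", 6667)[0],
            "unsolicited_in": dev.inbound("198.51.100.9", 6000, 40050)[0],
        }
    return out

if __name__ == "__main__":
    for device, verdicts in compare().items():
        print(device, verdicts)
```

Both devices drop the unsolicited inbound packet, which is why NAT alone can look like a firewall; only the egress policy changes the verdict for the outbound connection to the unlisted port.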

  3. Re: NAT or NAT + Firewall - is it just emperor's new clothes?

    Brian,

    I would say the most important thing here is a good router, and not
    the kind that many ISPs give their customers. I call these cheapo
    routers Bob's Router because sometimes it's hard to know who made them.
    Researchers find holes in these kinds of routers and so when a bad guy
    owns your router.....it's game over. In most situations the router
    faces the world and the firewall sits behind it, hence the importance
    of having a solid router.

    Later,

    Lyle

  4. Re: NAT or NAT + Firewall - is it just emperor's new clothes?

    "Leythos" wrote in message
    news:MPG.21b7214743485e47989869@adfree.Usenet.com. ..
    > In article , brian.cryer@
    > 127.0.0.1.ntlworld.com says...
    >> Something I often hear/read is that on a network that is connected to a NAT
    >> router that there ought to be a firewall between the internet and the NAT
    >> router. Personally I'm sceptical, but can anyone give me a reason why that
    >> would be desirable?

    >
    > NAT is a method of Routing traffic, from one network to another. In the
    > case of these home/residential grade devices they offer a method to take
    > 1 IP (public) and allow MANY nodes (LAN/Private) to share it.
    >
    > A firewall may or may not implement NAT, and certainly doesn't have to
    > do a 1:MANY solution, and could be completely transparent.
    >
    > Many firewalls have additional firewall features that allow them to
    > determine if (say you have a HTTP rule) TCP port 80 is being used for
    > HTTP communications or some other communications and block the "some
    > other". Many firewalls have features to inspect the traffic and remove
    > malformed content or undesired content from the session.
    >
    > A firewall can detect attacks and block them properly.
    >
    > A firewall can block ranges of ports in and out of your network.
    >
    > A firewall often allows for Branch Office VPN setups between locations.
    >
    > The biggest difference between a firewall and a NAT Router is that the
    > Firewall will block outbound connections and a NAT Router often has no
    > method to block outbound or has limited ability to block outbound - in
    > addition to the larger ability to detect attacks and block them.


    Thank you.



  5. Re: NAT or NAT + Firewall - is it just emperor's new clothes?

    Thanks Lyle.

    As it happens I've only just recently ordered a replacement router for our
    office for the one the ISP provided. (Mostly because the current one
    restricts us on VPN.)


    "Lyle" wrote in message
    news:09e888ae-abd9-4bc1-ac01-f0d61324fe36@y20g2000hsy.googlegroups.com...
    Brian,

    I would say the most important thing here is a good router, and not
    the kind that many ISPs give their customers. I call these cheapo
    routers Bob's Router because sometimes it's hard to know who made them.
    Researchers find holes in these kinds of routers and so when a bad guy
    owns your router.....it's game over. In most situations the router
    faces the world and the firewall sits behind it, hence the importance
    of having a solid router.

    Later,

    Lyle


