North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Security gain from NAT (was: Re: Cool IPv6 Stuff)

  • From: Nicholas Suan
  • Date: Tue Jun 05 09:42:10 2007
  • Dkim-signature: a=rsa-sha1; c=relaxed/relaxed;; s=beta; h=domainkey-signature:received:received:message-id:date:from:sender:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references:x-google-sender-auth; b=mqKxzB6R7+K98hcgxl0GzGWWxO0TjL2dawmBPenHubYwcIFKJ4ciKSYD1IzQs4rcmRLzuGqhxUDZ8gpbo+GFZwUL1Cn3ncmzG66+S1GpVF073lwAMYGguBIrTx/1wYOyIqevZivoCbd1+8UbWRzWHNyHMRRNFN3spIYAYYNQX2w=
  • Domainkey-signature: a=rsa-sha1; c=nofws;; s=beta; h=received:message-id:date:from:sender:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references:x-google-sender-auth; b=go2fQ0AGtdcDEnAvJFZvmi0yVluliBtHoLfHd0KXQL72Vk7TIVafP6tkFX/03x1vfwEWPlcZcyXeMQkpf/ocAgUHvzmsR1toh+a5QuwB55Y0lJBaoLZS42+hQBUVnE9isoAmHulKN0BiUHls2CG7aNFIzNXseKX0c8rCwPPQTmU=

On 6/5/07, David Schwartz <davids@xxxxxxxxxxxxx> wrote:

Combined responses to save bandwidth and hassle (and number of times you
have to press 'd'):


> Just because it's behind NAT, does not mean it's unreahcable from the

Okay, so exactly how many times do you think we have to say in this thread
that by "NAT/PAT", we mean NAT/PAT as typically implemented in the very
cheapest routers in their default configuration?

Even the cheapest routers have a 'DMZ' configuration option that adds a rule that, by default, sends all the traffic to a particular host. And using that is a fairly common solution to bypassing problems with port forwarding and NAT.