North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Security gain from NAT (was: Re: Cool IPv6 Stuff)

  • From: Nicholas Suan
  • Date: Tue Jun 05 09:42:10 2007
  • Dkim-signature: a=rsa-sha1; c=relaxed/relaxed; d=gmail.com; s=beta; h=domainkey-signature:received:received:message-id:date:from:sender:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references:x-google-sender-auth; b=mqKxzB6R7+K98hcgxl0GzGWWxO0TjL2dawmBPenHubYwcIFKJ4ciKSYD1IzQs4rcmRLzuGqhxUDZ8gpbo+GFZwUL1Cn3ncmzG66+S1GpVF073lwAMYGguBIrTx/1wYOyIqevZivoCbd1+8UbWRzWHNyHMRRNFN3spIYAYYNQX2w=
  • Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=beta; h=received:message-id:date:from:sender:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references:x-google-sender-auth; b=go2fQ0AGtdcDEnAvJFZvmi0yVluliBtHoLfHd0KXQL72Vk7TIVafP6tkFX/03x1vfwEWPlcZcyXeMQkpf/ocAgUHvzmsR1toh+a5QuwB55Y0lJBaoLZS42+hQBUVnE9isoAmHulKN0BiUHls2CG7aNFIzNXseKX0c8rCwPPQTmU=


On 6/5/07, David Schwartz <davids@xxxxxxxxxxxxx> wrote:


Combined responses to save bandwidth and hassle (and number of times you
have to press 'd'):

--

> Just because it's behind NAT, does not mean it's unreahcable from the
internet:

Okay, so exactly how many times do you think we have to say in this thread
that by "NAT/PAT", we mean NAT/PAT as typically implemented in the very
cheapest routers in their default configuration?


Even the cheapest routers have a 'DMZ' configuration option that adds a rule that, by default, sends all the traffic to a particular host. And using that is a fairly common solution to bypassing problems with port forwarding and NAT.