Re: 56k dial up on laptop 802.11G ?



David Taylor <djtaylor@xxxxxxxxxxx> wrote in
news:MPG.1d4ef95e925b3a49989ce0@xxxxxxxxxxxxxxxxxxxxxxx:

>> No Linksys router has a FW. The NAT router has SPI maybe and some
>> other FW like features. And it can be used as part of a total FW
>> solution as a border device. But it's not an appliance that is
>> running FW software, even if it is running SPI.
>
> Just to play devil's advocate here, depends if that little Linksys
> router is running other software, after all it's just a Linux box ;)
>
> David.
>


If the little Linksys router can meet the specs below, then it's an
appliance running FW software. If it cannot meet the specs, then it's not
an appliance running FW software. And that's no matter what other
firmware is replacing the original firmware.
<snip>

A firewall examines all traffic routed between the two networks to see if
it meets certain criteria. If it does, it is routed between the networks,
otherwise it is stopped. A firewall filters both inbound and outbound
traffic. It can also manage public access to private networked resources
such as host applications. It can be used to log all attempts to enter
the private network and trigger alarms when hostile or unauthorized entry
is attempted. Firewalls can filter packets based on their source and
destination addresses and port numbers. This is known as address
filtering. Firewalls can also filter specific types of network traffic.
This is also known as protocol filtering because the decision to forward
or reject traffic is dependent upon the protocol used, for example HTTP,
ftp or telnet. Firewalls can also filter traffic by packet attribute or
state.

<snip>

The above is what I consider FW software whether or not it's running on
an appliance as a hardware solution or as a software solution running on
a gateway computer.

Let's knock the NAT out of the box. My low-end Watchguard FW appliance
has NAT too.

<snip>

Impostors

When discussing firewalls, packet screening methods, and how firewalls
function, there are a few misconceptions that need to be addressed.

Network Address Translation (NAT)
One technology that is commonly thought to act as a firewall solution is
Network Address Translation (NAT). NAT translates "internal" IP addresses
on one network to "external" IP addresses on another network. There are
three methods NAT uses to accomplish address translation.

Static NAT - maps a specific single address to another specific single
address.

Example:
10.0.0.1 -mapped to- 168.13.1.1


Pooled NAT - dynamically maps all specific single addresses to a pool or
range of external addresses.


Example:
10.0.0.1-10.0.0.254 -mapped to- 168.13.1.1-168.13.1.254


Port Level NAT - dynamically maps all specific single internal addresses
to a specific single external address. The internal address is mapped or
identified by the specific external address in combination with a unique
port number.

Example:
10.0.0.1 -mapped to- 168.13.1.1:1084
10.0.0.2 -mapped to- 168.13.1.1:1085
10.0.0.3 -mapped to- 168.13.1.1:1086


By comparing the way NAT functions between two networks, and the way
packet screening methods function between two networks, you can see that
NAT does not adhere to the firewall definition. NAT does not control
access between the networks. Some may argue that NAT does control access
because you cannot "see" the internal network. NAT does this not by using
rules or filters, however, but through concealment. It hides the network
from outside users.

<snip>

Duane :)
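
The distinction drawn in the post above, between a port-level NAT table and a device that filters by rule, as an added example that is not part of the original post or of any vendor's firmware. The internal and external addresses follow the post's examples; the class names, the rule set, the source port and the 192.0.2.9 destination are constructed for illustration.

```python
from itertools import count

EXTERNAL_IP = "168.13.1.1"  # external address from the post's examples

class PortLevelNAT:
    """Port-level NAT: a translation table only, with no rules and no log."""
    def __init__(self, first_port=1084):
        self._ports = count(first_port)
        self.out_map = {}  # (internal ip, internal port) -> external port
        self.in_map = {}   # external port -> (internal ip, internal port)

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        key = (src_ip, src_port)
        if key not in self.out_map:
            ext_port = next(self._ports)
            self.out_map[key] = ext_port
            self.in_map[ext_port] = key
        # The destination is never examined: every outbound packet is translated.
        return (EXTERNAL_IP, self.out_map[key], dst_ip, dst_port)

    def inbound(self, dst_port):
        # No policy decision here: a packet is delivered only if a mapping exists.
        return self.in_map.get(dst_port)

class PacketFilter:
    """First-match rules on direction, protocol and destination port."""
    def __init__(self, rules):
        self.rules = rules  # list of (direction, protocol, dst_port or "*", action)
        self.log = []       # denied attempts, kept for alerting

    def check(self, direction, proto, src_ip, dst_ip, dst_port):
        action = "deny"     # default when no rule matches
        for r_dir, r_proto, r_port, r_action in self.rules:
            if (r_dir, r_proto) == (direction, proto) and r_port in ("*", dst_port):
                action = r_action
                break
        if action == "deny":
            self.log.append((direction, proto, src_ip, dst_ip, dst_port))
        return action == "allow"

def compare():
    """Send the same constructed outbound telnet packet through both devices."""
    nat = PortLevelNAT()
    fw = PacketFilter([("out", "tcp", 80, "allow"), ("in", "tcp", "*", "deny")])
    pkt = ("10.0.0.1", 40000, "192.0.2.9", 23)  # constructed sample packet
    translated = nat.outbound(*pkt)
    allowed = fw.check("out", "tcp", pkt[0], pkt[2], pkt[3])
    return translated, allowed, fw.log
```

The NAT table translates the telnet packet without looking at it, while the filter denies it by rule and records the attempt.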


