Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Re: NAT routers as firewalls
Topic Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Plusnet Community
- :
- Forum
- :
- Other forums
- :
- Tech Help - Software/Hardware etc
- :
- Re: NAT routers as firewalls
Re: NAT routers as firewalls
30-08-2007 6:18 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
NAT's are not a firewall. Have your router got a SPI firewall? If so use this as well as NAT and port forwarding.
Info on SPI
Info on SPI
7 REPLIES 7
Re: NAT routers as firewalls
30-08-2007 6:29 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
NAT give the impression that it's a firewall be strictly speaking it's not otherwise you will not have SPI firewalls.
Re: NAT routers as firewalls
30-08-2007 6:44 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
A NAT router does act like a firewall except it just blocks everything* incoming and nothing outgoing. What SPI gives you is the ability to configure what is allowed through in either direction and under what conditions.
*everything is not strictly true as some routers still allowed certain ports through which you have no control over, as well as others related to VPN/IPSEC through other config screens.
To answer the OPs Q, the more security you can add the better. By this I mean also have a software firewall on the server(s) which restrict access only to the ports needed for that server AND limit outgoing connections as well to only known ports.
There are ways to hack into servers just using the standard http port. If you look at the web server logs you will see many attempts at running phpMyadmin scripts and other Windows exes via a URL. The important thing to ensure is you are running the latest web server or forum software or mail server so these well known exploits are harmless. I also don;t use the standard locations for scripts/php files so its even less likely to cause a problem should an unknown exploit be found.
*everything is not strictly true as some routers still allowed certain ports through which you have no control over, as well as others related to VPN/IPSEC through other config screens.
To answer the OPs Q, the more security you can add the better. By this I mean also have a software firewall on the server(s) which restrict access only to the ports needed for that server AND limit outgoing connections as well to only known ports.
There are ways to hack into servers just using the standard http port. If you look at the web server logs you will see many attempts at running phpMyadmin scripts and other Windows exes via a URL. The important thing to ensure is you are running the latest web server or forum software or mail server so these well known exploits are harmless. I also don;t use the standard locations for scripts/php files so its even less likely to cause a problem should an unknown exploit be found.
Re: NAT routers as firewalls
30-08-2007 6:51 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
May find this of interest I rely on the NAT for my firewall. I do have an SPI firewall on my router and it's enabled but that's the only configuration available to me except to block pinging and port 113.
Re: NAT routers as firewalls
30-08-2007 10:50 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
man iptables
it has one built in!
it has one built in!
Re: NAT routers as firewalls
30-08-2007 11:18 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
You should put a fake ip address as being in the DMZ zone as then all stray packets go to no were some routers need this to make them secure
Re: NAT routers as firewalls
01-09-2007 7:36 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Some suggested reading;
The Art of Intrusion: The Real Stories Behind the Exploits of Hackers, Intruders and Deceivers
Hack Attacks Testing: How to Conduct Your Own Security Audit
Hacking Exposed 5th Edition: Network Security Secrets and Solutions
Don't buy them, try your local library, they will be able to order them in from another library if they do not hold them in stock.
Chilly
The Art of Intrusion: The Real Stories Behind the Exploits of Hackers, Intruders and Deceivers
Hack Attacks Testing: How to Conduct Your Own Security Audit
Hacking Exposed 5th Edition: Network Security Secrets and Solutions
Don't buy them, try your local library, they will be able to order them in from another library if they do not hold them in stock.
Chilly
Re: NAT routers as firewalls
01-09-2007 7:53 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Quote from: PJ
Strangely even with "Block Always" for all ports activated I can use the web and send and receive e-mail (I have defined the ports for these as always open) but I am unable to access the website using the external URL (responds to internal IP).
I assume that you are referrring to a Website hosted on your server. If so you will not be able to test the portwarding and firewall from the LAN side. You need either, 1)Use a computer on a different external IP or 2)Use a proxy server like this http://anonymouse.org/anonwww.html
Topic Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Plusnet Community
- :
- Forum
- :
- Other forums
- :
- Tech Help - Software/Hardware etc
- :
- Re: NAT routers as firewalls