
Re: NAT routers as firewalls

itsme
Grafter
Posts: 5,924
Thanks: 3
Registered: ‎07-04-2007

Re: NAT routers as firewalls

NATs are not a firewall. Has your router got an SPI firewall? If so, use this as well as NAT and port forwarding.
Info on SPI
7 REPLIES
itsme
Grafter
Posts: 5,924
Thanks: 3
Registered: ‎07-04-2007

Re: NAT routers as firewalls

NAT gives the impression that it's a firewall, but strictly speaking it's not; otherwise you would not have SPI firewalls.
Peter_Vaughan
Grafter
Posts: 14,469
Registered: ‎30-07-2007

Re: NAT routers as firewalls

A NAT router does act like a firewall except it just blocks everything* incoming and nothing outgoing. What SPI gives you is the ability to configure what is allowed through in either direction and under what conditions.
*everything is not strictly true as some routers still allowed certain ports through which you have no control over, as well as others related to VPN/IPSEC through other config screens.
To answer the OP's Q, the more security you can add the better. By this I mean also have a software firewall on the server(s) which restricts access only to the ports needed for that server AND limits outgoing connections as well to only known ports.
There are ways to hack into servers just using the standard http port. If you look at the web server logs you will see many attempts at running phpMyAdmin scripts and other Windows exes via a URL. The important thing to ensure is you are running the latest web server or forum software or mail server so these well-known exploits are harmless. I also don't use the standard locations for scripts/php files so it's even less likely to cause a problem should an unknown exploit be found.
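The log review described in the post above, as an added example (not part of the thread and not any poster's code): a short Python scan of web server access-log lines for phpMyAdmin and `.exe` request probes, which also lists any probe that was answered with a 2xx status and so needs a closer look. The sample log lines, the IP addresses, and the path patterns are constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed sample lines in "combined" access-log format (not real traffic).
SAMPLE_LOG = """\
203.0.113.7 - - [12/Mar/2008:04:11:02 +0000] "GET /phpmyadmin/main.php HTTP/1.0" 404 208 "-" "-"
203.0.113.7 - - [12/Mar/2008:04:11:03 +0000] "GET /phpMyAdmin/main.php HTTP/1.0" 404 208 "-" "-"
203.0.113.7 - - [12/Mar/2008:04:11:03 +0000] "GET /admin/pma/main.php HTTP/1.0" 404 208 "-" "-"
192.0.2.10 - - [12/Mar/2008:08:15:40 +0000] "GET /forum/index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.23 - - [12/Mar/2008:09:30:45 +0000] "GET /scripts/cmd.exe?/c+dir HTTP/1.0" 404 210 "-" "-"
198.51.100.23 - - [12/Mar/2008:09:30:47 +0000] "GET /pma/index.php HTTP/1.1" 200 4312 "-" "-"
"""

# client IP, method, request path, status code
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3}) ')

# Assumed heuristics for the probes the post mentions: phpMyAdmin scripts
# and Windows executables requested via a URL. Tune these for your own site.
PROBE_RE = re.compile(r'(phpmyadmin|/pma/|\.exe(\?|$))', re.IGNORECASE)


def scan(log_text):
    """Return {client_ip: {"probes": n, "served": [paths answered 2xx]}}."""
    report = defaultdict(lambda: {"probes": 0, "served": []})
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed lines rather than guess at fields
        ip, _method, path, status = m.groups()
        if PROBE_RE.search(path):
            report[ip]["probes"] += 1
            # A 2xx answer means the probed path exists on this server.
            if status.startswith("2"):
                report[ip]["served"].append(path)
    return dict(report)


if __name__ == "__main__":
    for ip, info in sorted(scan(SAMPLE_LOG).items()):
        flag = "CHECK" if info["served"] else "blocked/not found"
        print(f"{ip}: {info['probes']} probe(s), {flag} {info['served']}")
```

A probe that returns 404 is noise; one that returns 2xx points at a script that is actually reachable and should be confirmed as patched or moved.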
itsme
Grafter
Posts: 5,924
Thanks: 3
Registered: ‎07-04-2007

Re: NAT routers as firewalls

May find this of interest. I rely on the NAT for my firewall. I do have an SPI firewall on my router and it's enabled, but that's the only configuration available to me except to block pinging and port 113.
Peter_Vaughan
Grafter
Posts: 14,469
Registered: ‎30-07-2007

Re: NAT routers as firewalls

man iptables
it has one built in!
samuria
Grafter
Posts: 1,581
Thanks: 3
Registered: ‎13-04-2007

Re: NAT routers as firewalls

You should put a fake IP address as being in the DMZ zone, as then all stray packets go to nowhere. Some routers need this to make them secure.
chillypenguin
Grafter
Posts: 4,729
Registered: ‎04-04-2007

Re: NAT routers as firewalls

Some suggested reading:
The Art of Intrusion: The Real Stories Behind the Exploits of Hackers, Intruders and Deceivers
Hack Attacks Testing: How to Conduct Your Own Security Audit
Hacking Exposed 5th Edition: Network Security Secrets and Solutions
Don't buy them, try your local library, they will be able to order them in from another library if they do not hold them in stock.
Chilly
itsme
Grafter
Posts: 5,924
Thanks: 3
Registered: ‎07-04-2007

Re: NAT routers as firewalls

Quote from: PJ

Strangely even with "Block Always" for all ports activated I can use the web and send and receive e-mail (I have defined the ports for these as always open) but I am unable to access the website using the external URL (responds to internal IP).

I assume that you are referring to a website hosted on your server. If so, you will not be able to test the port forwarding and firewall from the LAN side. You need to either 1) use a computer on a different external IP or 2) use a proxy server like this: http://anonymouse.org/anonwww.html