[ale] V6 question
Michael H. Warfield
mhw at WittsEnd.com
Wed Feb 9 14:56:32 EST 2011
On Wed, 2011-02-09 at 14:36 -0500, Paul Cartwright wrote:
> On 02/09/2011 01:43 PM, Greg Freemyer wrote:
> > I gather Michael is saying the consumer box most users have is a combo
> > firewall / NAT device.
> >
> > And all the security comes from the firewall function, not the NAT function.
> >
>
> OK, where does that put this device, my ADSL modem- ENDSL-A2+4R2:
>
> http://www.encore-usa.com/al/sites/default/files/product_file_datasheet/ENDSL-A2plus4R2.pdf
> Security
> ‧ PPP over PAP (Password Authentication Protocol; RFC1334)
> ‧ PPP over CHAP (Challenge Authentication Protocol; RFC1994)
> ‧ DoS Protection
> ‧ Stateful Packet inspection (SPI)
> ‧ Built-in NAT Firewall
> ‧ IP Based packet filtering
> ‧ Password Protected System Management
>
> it says "Built-in NAT Firewall". Is that JUST NAT, or is that a real
> firewall??
It may have a real explicit separate firewall or it may simply be
that the statefulness of the NAT is performing that function. If you
look at netfilter (iptables) you'll find the NAT is a feature of
netfilter. That is your firewalling logic. It's the same state
tracking in iptables that drives the NAT logic as drives the stateful
filtering. That's a lot of the source of the confusion. If you simply
eliminated the NAT and left the state engine and stateful filtering, it
would still be just as secure.
Regards,
Mike
--
Michael H. Warfield (AI4NB) | (770) 985-6132 | mhw at WittsEnd.com
/\/\|=mhw=|\/\/ | (678) 463-0932 | http://www.wittsend.com/mhw/
NIC whois: MHW9 | An optimist believes we live in the best of all
PGP Key: 0x674627FF | possible worlds. A pessimist is sure of it!
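
The point made in the message above, that one state table drives both the NAT and the stateful filtering, shown as an added example that is not part of the original post and is not netfilter code. It is a simplified model: the Gateway class, run_scenario and all addresses and ports are constructed for illustration, and the NAT here keeps the source port unchanged.

```python
# Simplified model of a connection-tracking gateway (illustrative; not netfilter code).
# All addresses and ports below are constructed sample values.
PUBLIC_IP = "203.0.113.1"   # gateway's outside address (assumed)


class Gateway:
    def __init__(self, nat):
        self.nat = nat
        # One state table: reply tuple as seen outside -> original inside (ip, port).
        self.conntrack = {}

    def outbound(self, src, sport, dst, dport):
        """Inside host opens a connection: a NEW flow, allowed out and tracked."""
        # With NAT the outside sees the gateway's address; without it, the host's own.
        seen_src = PUBLIC_IP if self.nat else src
        # The same entry serves the stateful filter and the reverse translation.
        self.conntrack[(dst, dport, seen_src, sport)] = (src, sport)
        return (seen_src, sport, dst, dport)

    def inbound(self, src, sport, dst, dport):
        """Outside packet: forwarded only if it matches tracked state."""
        entry = self.conntrack.get((src, sport, dst, dport))
        if entry is None:
            return None      # no matching state: dropped, NAT or not
        return entry         # reply to a tracked flow: delivered to the inside host


def run_scenario(nat):
    """Run the same three inbound packets against a gateway with or without NAT."""
    gw = Gateway(nat)
    # Private address behind NAT; a routable (documentation-range) one without it.
    inside = "192.168.1.10" if nat else "198.51.100.10"
    seen_src, sport, dst, dport = gw.outbound(inside, 40000, "192.0.2.80", 443)
    return {
        "reply": gw.inbound(dst, dport, seen_src, sport),
        "unsolicited": gw.inbound("192.0.2.66", 4444, seen_src, 22),
        "wrong_peer": gw.inbound("192.0.2.66", 443, seen_src, sport),
    }


if __name__ == "__main__":
    for nat in (True, False):
        print("NAT" if nat else "no NAT", run_scenario(nat))
```

In both runs the accept/drop decision is the conntrack lookup; NAT only changes which address appears in the tracked tuple.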