Mailinglist Archive: opensuse (769 mails)

< Previous Next >
Re: [opensuse] DHCPv6-PD request
  • From: Per Jessen <per@xxxxxxxxxxxx>
  • Date: Thu, 26 May 2016 14:24:44 +0200
  • Message-id: <ni6puc$bpp$1@saturn.local.net>
Anton Aylward wrote:

IF AND ONLY IF the NAT port forwarding *ALSO* has all the filtering

NAT port forwarding is typically a single 'iptables' entry, nothing
more. It isn't a <something> with anything extra, any more filtering,
it's just a directive: "send requests on port 80 on external IP to port
NN on internal IP".

This is for my sons Minecraft server:

iptables -A PREROUTING -t nat -p tcp -i eth1 --dport 25565 --j DNAT --to
192.168.11.221

one would expect of a firewall for that services (AV, email black
hole, 'content inspection' and a pile of other things) then OK.

I wouldn't expect any of that in a standard ADSL or FTTH box. Not at
all - we're talking about a firewall on a router, nothing else. Well,
that's what I'm talking about it.

But I've not seen a NAT'ing device that that does. None of the ones I
have or have installed or dealt with in a
casual-for-friends-and-relatives or
professional or semi-professional capacity have, but I can't claim to
have dealt with every last device and every last software revision in
the whole wide world.

Professional equipment such as Fortigate, Sonicwall and Astaro (and many
others), all come with all or some of that, but unless you're a small
business, you probably don't want to bother with one of those.


--
Per Jessen, Zürich (21.6°C)
http://www.dns24.ch/ - your free DNS host, made in Switzerland.

--
To unsubscribe, e-mail: opensuse+unsubscribe@xxxxxxxxxxxx
To contact the owner, e-mail: opensuse+owner@xxxxxxxxxxxx

< Previous Next >
This Thread
Follow Ups