Anton Aylward wrote:
IF AND ONLY IF the NAT port forwarding *ALSO* has all the filtering
NAT port forwarding is typically a single 'iptables' entry, nothing more. It isn't a <something> with anything extra, any more filtering, it's just a directive: "send requests on port 80 on external IP to port NN on internal IP". This is for my sons Minecraft server: iptables -A PREROUTING -t nat -p tcp -i eth1 --dport 25565 --j DNAT --to 192.168.11.221
one would expect of a firewall for that services (AV, email black hole, 'content inspection' and a pile of other things) then OK.
I wouldn't expect any of that in a standard ADSL or FTTH box. Not at all - we're talking about a firewall on a router, nothing else. Well, that's what I'm talking about it.
But I've not seen a NAT'ing device that that does. None of the ones I have or have installed or dealt with in a casual-for-friends-and-relatives or professional or semi-professional capacity have, but I can't claim to have dealt with every last device and every last software revision in the whole wide world.
Professional equipment such as Fortigate, Sonicwall and Astaro (and many others), all come with all or some of that, but unless you're a small business, you probably don't want to bother with one of those. -- Per Jessen, Zürich (21.6°C) http://www.dns24.ch/ - your free DNS host, made in Switzerland. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org