On 12/16/2014 04:01 PM, John Andersen wrote:
> If you knew anything about it other than what you read on half of a wiki page you would realize that NAT is a Router and a firewall. At the bottom of that deep pile you fail to understand it's all iptables or PacketFilter.

This is getting old. The main purpose of NAT is to get around the address shortage. That is its intended purpose, though it can also be used for remapping address ranges. The firewall function only occurs because there is no direct way to reach devices behind it, as commonly used, and is thus a side effect of NAT. If you had a subnet of public addresses, the deny all access list on a router would be just as effective at controlling what's allowed.

A router is a separate function again. I happen to have a Cisco router here beside my desk. I can configure it to allow/deny traffic on a subnet, or for NAT, or even just as a filter, without routing or NAT functions. NAT, routing and filtering are three separate functions that are often combined within the same box.

Incidentally, when NAT is used to remap address ranges, that is, the same number of addresses on either side, it loses the "firewall" function. You again need access lists to control what's allowed to pass. Cisco routers also allow a configuration, where one or more local addresses map directly to public addresses, in both directions, again without the inherent NAT "firewall", so you again need access lists.

BTW, I have been working with commercial grade routers from Adtran and Cisco for several years and am also Cisco certified. As I mentioned earlier, I have also worked with VoIP PBXs. All this for business customers. You may want to pick up a Cisco CCNA text for a full description of how NAT is used & its limitations and also about access lists & how they are used to control traffic into, out of and within a network.
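
The distinction drawn in the message above, as an added example that is not part of the original post: a toy Python model in which overloaded (many-to-one) NAT drops unsolicited inbound packets only because no mapping exists, while a one-to-one mapping delivers everything until an access list is applied. The `Gateway` class, the `demo` function and all addresses are constructed for illustration and do not model any specific router.

```python
# Added illustration: a constructed toy model, not a real router implementation.
# All addresses are constructed, taken from documentation/private ranges.

class Gateway:
    """Edge device where translation and filtering are separate, optional steps."""

    def __init__(self, public_ip, static_map=None, acl=None):
        self.public_ip = public_ip
        self.static_map = static_map or {}  # public addr -> inside addr (1:1 NAT)
        self.acl = acl                      # None means no access list is applied
        self.pat = {}                       # public port -> (inside addr, port)
        self.next_port = 40000

    def outbound(self, inside_ip, inside_port):
        """Overloaded NAT: an inside host opens a flow, which creates a mapping."""
        port, self.next_port = self.next_port, self.next_port + 1
        self.pat[port] = (inside_ip, inside_port)
        return self.public_ip, port

    def inbound(self, dst_ip, dst_port):
        """Return the inside (addr, port) a packet reaches, or None if dropped."""
        if self.acl is not None and not self.acl(dst_ip, dst_port):
            return None                     # denied by the access list
        if dst_ip in self.static_map:
            return self.static_map[dst_ip], dst_port  # 1:1: always translatable
        if dst_ip == self.public_ip:
            return self.pat.get(dst_port)   # overload: None without a mapping
        return None

def demo():
    out = {}
    pat = Gateway("203.0.113.1")
    out["pat_unsolicited"] = pat.inbound("203.0.113.1", 22)
    _, port = pat.outbound("192.168.1.10", 51000)
    out["pat_reply"] = pat.inbound("203.0.113.1", port)

    one_to_one = {"203.0.113.10": "192.168.1.10"}
    static = Gateway("203.0.113.1", static_map=one_to_one)
    out["static_no_acl"] = static.inbound("203.0.113.10", 22)

    # Stateless toy access list: permit only inbound port 443, deny the rest.
    filtered = Gateway("203.0.113.1", one_to_one, acl=lambda ip, p: p == 443)
    out["static_acl_22"] = filtered.inbound("203.0.113.10", 22)
    out["static_acl_443"] = filtered.inbound("203.0.113.10", 443)
    return out

if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```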