i*p
#2
[The following text is reposted from the CS discussion board]
Sender: isup (No), Board: CS
Subject: NAT, router, firewall
Posted from: BBS 未名空间站 (Mon Sep 19 15:44:07 2005)
I found most vendors talking NAT in the firewall category. I thought NAT is
mainly for IPv4 shortage, which will reuse private IPs in Internet. The effect
is to hide internal IP. In this sense, it is rather routing than security. Any
guru like to comment/discuss it?
l*y
#3
using routing to provide security, IMHO, is like having a wisely
structured castle built, before putting in well-armed and well-trained
soldiers. simple firewalling often builds around a DMZ, which is a
network segment. using private IP for that segment saves the money to
buy more public ip addresses. there're more ways than one to do NAT,
but the gist for it is that network engineering should be the first step
in development. having entry and exit points in a large, well segmented
network, vs a
[Quoting i**p's post:]
: [The following text is reposted from the CS discussion board]
: Sender: isup (No), Board: CS
: Subject: NAT, router, firewall
: Posted from: BBS 未名空间站 (Mon Sep 19 15:44:07 2005)
: I found most vendors talking NAT in the firewall category. I thought NAT is
: mainly for IPv4 shortage, which will reuse private IPs in Internet. The effect
: is to hide internal IP. In this sense, it is rather routing than security. Any
: guru like to comment/discuss it?
i*p
#4
Thanks!
"NAT" has become another name for RFC 1631, right?
Is there any other standard/method used in SOHO routers for the same purpose?
[Quoting l***y's post:]
: using routing to provide security, IMHO, is like having a wisely
: structured castle built, before putting in well-armed and well-trained
: soldiers. simple firewalling often builds around a DMZ, which is a
: network segment. using private IP for that segment saves the money to
: buy more public ip addresses. there're more ways than one to do NAT,
: but the gist for it is that network engineering should be the first step
: in development. having entry and exit points in a large, well segmented
: network, vs a
l*y
#5
a more expensive solution, which is also very old, i think, is VPN.
software VPN will set up a tunnel from your side to server side. this
will work whether or not you have a home/small office private network.
for a scattered number of small office routers that need to talk to
each other, networking VPN will give each SOHO a private routing table (vrf),
only including the networks they need access. also, from the public network
nothing can get to the networks behind these SOHO routers. This will p
[Quoting i**p's post:]
: Thanks!
: "NAT" has become another name for RFC 1631, right?
: Is there any other standard/method used in SOHO routers for the same purpose?
i*p
#6
NAT does work well now, and makes inexpensive private networks available
without public IPs. It compromises with PORT number. The router has to check
the port number in TCP/UDP layer for routing. Is it a drawback, and will it affect
other applications later?
[Quoting l***y's post:]
: a more expensive solution, which is also very old, i think, is VPN.
: software VPN will set up a tunnel from your side to server side. this
: will work whether or not you have a home/small office private network.
: for a scattered number of small office routers that need to talk to
: each other, networking VPN will give each SOHO a private routing table (vrf),
: only including the networks they need access. also, from the public network
: nothing can get to the networks behind these SOHO routers. This will p
l*y
#7
em, definitely there can be some more intelligent 'application routers'
to handle the problems NAT generates. apps using protocols such as SIP, FTP, etc,
refer to the private ip of the endpoints behind NAT, this'll break the
applications unless some measure is taken to handle NAT. either the router
can re-write the signalling packets to replace private ips with public ip,
or the endpoints have to be aware and handle NAT, or ...
NAT can be single ip to single ip, btw, doesn't have to be multiple i
[Quoting i**p's post:]
: NAT does work well now, and makes inexpensive private networks available
: without public IPs. It compromises with PORT number. The router has to check
: the port number in TCP/UDP layer for routing. Is it a drawback, and will it affect
: other applications later?
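
The port-based translation and the signalling rewrite discussed in the last two posts above, as an added example that is not part of the original thread. The `Napt` class, `rewrite_ftp_port`, the address 203.0.113.10 and the sample command are all constructed for illustration; the check that the embedded address matches the sender is an assumption of this example.

```python
import re

PUBLIC_IP = "203.0.113.10"  # constructed public address of the router (assumption)

class Napt:
    """Toy port-translating NAT: (private ip, port) <-> public port."""
    def __init__(self, public_ip, first_port=40000):
        self.public_ip = public_ip
        self.next_port = first_port
        self.out = {}    # (private ip, private port) -> public port
        self.back = {}   # public port -> (private ip, private port)

    def bind(self, priv_ip, priv_port):
        key = (priv_ip, priv_port)
        if key not in self.out:
            self.out[key] = self.next_port
            self.back[self.next_port] = key
            self.next_port += 1
        return self.out[key]

    def inbound(self, public_port):
        # No mapping means nothing inside asked for this traffic: drop (None).
        return self.back.get(public_port)

PORT_RE = re.compile(r"^PORT (\d{1,3}(?:,\d{1,3}){5})\r\n$")

def rewrite_ftp_port(line, src_ip, nat):
    """Rewrite an outbound FTP 'PORT h1,h2,h3,h4,p1,p2' control line.
    Returns the rewritten line, the line unchanged if it is not a PORT
    command, or None if it should be dropped."""
    m = PORT_RE.match(line)
    if not m:
        return line
    nums = [int(n) for n in m.group(1).split(",")]
    if any(n > 255 for n in nums):
        return None                      # malformed octet
    priv_ip = ".".join(str(n) for n in nums[:4])
    if priv_ip != src_ip:
        return None                      # only map the sender's own address
    pub_port = nat.bind(priv_ip, nums[4] * 256 + nums[5])
    host = nat.public_ip.replace(".", ",")
    return f"PORT {host},{pub_port >> 8},{pub_port & 0xFF}\r\n"

if __name__ == "__main__":
    nat = Napt(PUBLIC_IP)
    sent = "PORT 192,168,1,20,19,137\r\n"   # constructed client command
    print(repr(rewrite_ftp_port(sent, "192.168.1.20", nat)))
    print(nat.inbound(40000), nat.inbound(40001))
```

The rewritten line can differ in length from the original, so a router doing this on a live TCP stream also has to adjust sequence numbers, which the example leaves out.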