i*p
Floor 2
[The following text is reposted from the CS discussion board]
From: isup (No), Board: CS
Subject: NAT, router, firewall
Posting site: BBS 未名空间站 (Mon Sep 19 15:44:07 2005)
I found most vendors talking NAT in the firewall category. I thought NAT is
mainly for IPv4 shortage, which will reuse private IPs in Internet. The effect
is to hide internal IP. In this sense, it is rather routing than security. Any
guru like to comment/discuss it?
l*y
Floor 3
using routing to provide security, IMHO, is like having a wisely
structured castle built, before putting in well-armed and well-trained
soldiers. simple firewalling often builds around a DMZ, which is a
network segment. using private IP for that segment saves the money to
buy more public ip addresses. there're more ways than one to do NAT,
but the gist for it is that network engineering should be the first step
in development. having entry and exit points in a large, well segmented
network, vs a
[Quoted from i**p's post:]
: [The following text is reposted from the CS discussion board]
: From: isup (No), Board: CS
: Subject: NAT, router, firewall
: Posting site: BBS 未名空间站 (Mon Sep 19 15:44:07 2005)
: I found most vendors talking NAT in the firewall category. I thought NAT is
: mainly for IPv4 shortage, which will reuse private IPs in Internet. The effect
: is to hide internal IP. In this sense, it is rather routing than security. Any
: guru like to comment/discuss it?
i*p
Floor 4
Thanks!
"NAT" has become another name for RFC 1631, right?
Is there any other standard/method used in SOHO router for the same purpose?
[Quoted from l***y's post:]
: using routing to provide security, IMHO, is like having a wisely
: structured castle built, before putting in well-armed and well-trained
: soldiers. simple firewalling often builds around a DMZ, which is a
: network segment. using private IP for that segment saves the money to
: buy more public ip addresses. there're more ways than one to do NAT,
: but the gist for it is that network engineering should be the first step
: in development. having entry and exit points in a large, well segmented
: network, vs a
l*y
Floor 5
a more expensive solution, which is also very old, i think, is VPN.
software VPN will set up a tunnel from your side to server side. this
will work whether or not you have a home/small office private network.
for a scattered number of small office routers that need to talk to
each other, networking VPN will give each SOHO a private routing table(vrf),
only including the networks they need access. also, from the public network
nothing can get to the networks behind these SOHO routers. This will p
[Quoted from i**p's post:]
: Thanks!
: "NAT" has become another name for RFC 1631, right?
: Is there any other standard/method used in SOHO router for the same purpose?
i*p
Floor 6
NAT does work well now, and makes inexpensive private network available
without public IPs. It compromises with PORT number. The router has to check
the port number in TCP/UDP layer for routing. Is it a drawback and will affect
other application later?
private
[Quoted from l***y's post:]
: a more expensive solution, which is also very old, i think, is VPN.
: software VPN will setup a tunnel from your side to server side. this
: will work whether or not you have a home/small office private network.
: for a scattered number of small office routers that needs to talk to
: each other, networking VPN will give each SOHO a private routing table(vrf),
: only including the networks they need access. also, from the public network
: nothing can get to the networks behind these SOHO routers. This will p
l*y
Floor 7
em, definitely there can be some more intelligent 'application routers'
to handle the problems NAT generates. apps using protocols such as SIP, FTP, etc,
refer to the private ip of the endpoints behind NAT, this'll break the
applications unless some measure is taken to handle NAT. either the router
can re-write the signalling packets to replace private ips with public ip,
or the endpoints have to be aware and handle NAT, or ...
NAT can be single ip to single ip, btw, doesn't have to be multiple i
[Quoted from i**p's post:]
: NAT does work well now, and makes inexpensive private network available
: without public IPs. It compromises with PORT number. The router has to check
: the port number in TCP/UDP layer for routing. Is it a drawback and will affect
: other application later?
:
: private
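
The port-based translation asked about in floor 6 and the signalling rewrite described in floor 7, as an added sketch that is not part of any post in this thread: a toy NAPT table in Python. The class, its method names and all addresses are constructed for illustration.

```python
import re

class Napt:
    """Toy port-translating NAT (NAPT); all addresses below are constructed."""
    PORT_RE = re.compile(r"^PORT (\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\r\n$")

    def __init__(self, public_ip, first_port=40000):
        self.public_ip = public_ip
        self.next_port = first_port
        self.out = {}    # (proto, private ip, private port) -> public port
        self.back = {}   # (proto, public port) -> (private ip, private port)

    def _map(self, proto, ip, port):
        key = (proto, ip, port)
        if key not in self.out:
            self.out[key] = self.next_port
            self.back[(proto, self.next_port)] = (ip, port)
            self.next_port += 1
        return self.out[key]

    def outbound(self, proto, src_ip, src_port):
        """Source rewrite for a packet leaving the private network."""
        return self.public_ip, self._map(proto, src_ip, src_port)

    def inbound(self, proto, dst_port):
        """Private endpoint for an arriving packet, or None (no mapping: drop)."""
        return self.back.get((proto, dst_port))

    def rewrite_ftp_port(self, line):
        """Replace the private endpoint inside an FTP PORT command."""
        m = self.PORT_RE.match(line)
        if not m:
            return line                      # not a PORT command: pass through
        n = [int(x) for x in m.groups()]
        if max(n) > 255:
            return line                      # malformed octet: leave untouched
        priv_ip, priv_port = ".".join(map(str, n[:4])), n[4] * 256 + n[5]
        pub_port = self._map("tcp", priv_ip, priv_port)
        host = self.public_ip.replace(".", ",")
        return f"PORT {host},{pub_port >> 8},{pub_port & 0xFF}\r\n"

def demo():
    nat = Napt("203.0.113.7")
    a = nat.outbound("tcp", "192.168.1.10", 51000)   # two hosts, same source port
    b = nat.outbound("tcp", "192.168.1.11", 51000)
    unsolicited = nat.inbound("tcp", 22)             # nothing inside asked for this
    rewritten = nat.rewrite_ftp_port("PORT 192,168,1,10,195,80\r\n")
    return a, b, unsolicited, rewritten, nat.inbound("tcp", 40002)
```

In `demo()` the unsolicited inbound packet finds no mapping, which is the address-hiding effect the first post asks about, while the rewritten PORT command also creates the mapping that lets the FTP server's data connection reach the private host.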