i*p
Floor 2
[The following text is reposted from the CS discussion board]
Sender: isup (No), Board: CS
Subject: NAT, router, firewall
Posted from: BBS 未名空间站 (Mon Sep 19 15:44:07 2005)
I found most vendors talking NAT in the firewall category. I thought NAT is
mainly for IPv4 shortage, which will reuse private IPs in Internet. The effect
is to hide internal IP. In this sense, it is rather routing than security. Any
guru like to comment/discuss it?
l*y
Floor 3
using routing to provide security, IMHO, is like having a wisely
structured castle built, before putting in well-armed and well-trained
soldiers. simple firewalling often builds around a DMZ, which is a
network segment. using private IP for that segment saves the money to
buy more public ip addresses. there're more ways than one to do NAT,
but the gist for it is that network engineering should be the first step
in development. having entry and exit points in a large, well segmented
network, vs a
[Quoted from i**p's post:]
: [The following text is reposted from the CS discussion board]
: Sender: isup (No), Board: CS
: Subject: NAT, router, firewall
: Posted from: BBS 未名空间站 (Mon Sep 19 15:44:07 2005)
: I found most vendors talking NAT in the firewall category. I thought NAT is
: mainly for IPv4 shortage, which will reuse private IPs in Internet. The effect
: is to hide internal IP. In this sense, it is rather routing than security. Any
: guru like to comment/discuss it?
i*p
Floor 4
Thanks!
"NAT" has become another name of RFC 1631, right?
Is there any other standard/method used in SOHO router for the same purpose?
[Quoted from l***y's post:]
: using routing to provide security, IMHO, is like having a wisely
: structured castle built, before putting in well-armed and well-trained
: soldiers. simple firewalling often builds around a DMZ, which is a
: network segment. using private IP for that segment saves the money to
: buy more public ip addresses. there're more ways than one to do NAT,
: but the gist for it is that network engineering should be the first step
: in development. having entry and exit points in a large, well segmented
: network, vs a
l*y
Floor 5
a more expensive solution, which is also very old, i think, is VPN.
software VPN will set up a tunnel from your side to server side. this
will work whether or not you have a home/small office private network.
for a scattered number of small office routers that need to talk to
each other, networking VPN will give each SOHO a private routing table(vrf),
only including the networks they need access. also, from the public network
nothing can get to the networks behind these SOHO routers. This will p
[Quoted from i**p's post:]
: Thanks!
: "NAT" has become another name of RFC 1631, right?
: Is there any other standard/method used in SOHO router for the same purpose?
i*p
Floor 6
NAT does work well now, and makes inexpensive private network available
without public IPs. It compromises with PORT number. The router has to check
the port number in TCP/UDP layer for routing. Is it a drawback and will affect
other applications later?
private
[Quoted from l***y's post:]
: a more expensive solution, which is also very old, i think, is VPN.
: software VPN will set up a tunnel from your side to server side. this
: will work whether or not you have a home/small office private network.
: for a scattered number of small office routers that need to talk to
: each other, networking VPN will give each SOHO a private routing table(vrf),
: only including the networks they need access. also, from the public network
: nothing can get to the networks behind these SOHO routers. This will p
l*y
Floor 7
em, definitely there can be some more intelligent 'application routers'
to handle the problems NAT generates. apps using protocols such as SIP, FTP,
etc, refer to the private ip of the endpoints behind NAT, this'll break the
applications unless some measure is taken to handle NAT. either the router
can re-write the signalling packets to replace private ips with public ip,
or the endpoints have to be aware and handle NAT, or ...
NAT can be single ip to single ip, btw, doesn't have to be multiple i
[Quoted from i**p's post:]
: NAT does work well now, and makes inexpensive private network available
: without public IPs. It compromises with PORT number. The router has to check
: the port number in TCP/UDP layer for routing. Is it a drawback and will affect
: other applications later?
:
: private
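Added example, not part of any post in this thread: a minimal port-translating NAT table plus the kind of signalling rewrite described in floor 7, applied to an FTP `PORT` command that embeds the client's private address. The class and function names, the addresses (documentation ranges) and the starting port are constructed for illustration.

```python
import re

PUBLIC_IP = "203.0.113.10"  # constructed public address (documentation range)

class Napt:
    """Port-translating NAT: maps (private ip, port) to one public port."""
    def __init__(self, public_ip, first_port=40000):
        self.public_ip = public_ip
        self.next_port = first_port
        self.out = {}    # (private ip, private port) -> public port
        self.back = {}   # public port -> (private ip, private port)

    def map_outbound(self, priv_ip, priv_port):
        key = (priv_ip, priv_port)
        if key not in self.out:
            self.out[key] = self.next_port
            self.back[self.next_port] = key
            self.next_port += 1
        return self.public_ip, self.out[key]

    def map_inbound(self, public_port):
        # No mapping means nobody inside asked for this traffic: drop (None).
        return self.back.get(public_port)

PORT_RE = re.compile(r"^PORT (\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\r\n$")

def parse_port(line):
    """Return (ip, port) carried inside an FTP PORT command, or None."""
    m = PORT_RE.match(line)
    if not m:
        return None
    n = [int(x) for x in m.groups()]
    if any(v > 255 for v in n):
        return None
    return ".".join(map(str, n[:4])), n[4] * 256 + n[5]

def alg_rewrite(nat, src_ip, line):
    """Rewrite the embedded private endpoint to the public one.

    Returns the line to forward, or None when the command must be dropped.
    """
    parsed = parse_port(line)
    if parsed is None:
        return line              # not a PORT command: forward unchanged
    ip, port = parsed
    if ip != src_ip:
        return None              # only open mappings for the sender itself
    pub_ip, pub_port = nat.map_outbound(ip, port)
    return "PORT %s,%d,%d\r\n" % (pub_ip.replace(".", ","),
                                  pub_port >> 8, pub_port & 255)
```

Without the rewrite the server would be told to connect to 192.168.1.20, which is unreachable from outside; the `ip != src_ip` check keeps the rewriter from opening an inbound mapping to a different internal host than the one that sent the command.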