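This page is an excerpt and archive of the corresponding post on 未名空间; posts less than a week old show at most 50 characters, and posts older than a week show 500 characters.
Internet board - NAT, router, firewall (reposted)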
i**p
Posts: 902
1
[The following text is reposted from the CS board]
From: isup (No), Board: CS
Subject: NAT, router, firewall
Site: BBS 未名空间站 (Mon Sep 19 15:44:07 2005)
I found most vendors talking NAT in the firewall category. I thought NAT is
mainly for IPv4 shortage, which will reuse private IPs in Internet. The effect
is to hide internal IP. In this sense, it is rather routing than security. Any
guru like to comment/discuss it?
l***y
Posts: 791
2
using routing to provide security, IMHO, is like having a wisely
structured castle built, before putting in well-armed and well-trained
soldiers. simple firewalling often builds around a DMZ, which is a
network segment. using private IP for that segment saves the money to
buy more public ip addresses. there're more ways than one to do NAT,
but the gist for it is that network engineering should be the first step
in development. having entry and exit points in a large, well segmented
network, vs a

[Quoting i**p's post:]
: [The following text is reposted from the CS board]
: From: isup (No), Board: CS
: Subject: NAT, router, firewall
: Site: BBS 未名空间站 (Mon Sep 19 15:44:07 2005)
: I found most vendors talking NAT in the firewall category. I thought NAT is
: mainly for IPv4 shortage, which will reuse private IPs in Internet. The effect
: is to hide internal IP. In this sense, it is rather routing than security. Any
: guru like to comment/discuss it?

i**p
Posts: 902
3
Thanks!
"NAT" has become another name for RFC 1631, right?
Is there any other standard/method used in SOHO routers for the same purpose?

[Quoting l***y's post:]
: using routing to provide security, IMHO, is like having a wisely
: structured castle built, before putting in well-armed and well-trained
: soldiers. simple firewalling often builds around a DMZ, which is a
: network segment. using private IP for that segment saves the money to
: buy more public ip addresses. there're more ways than one to do NAT,
: but the gist for it is that network engineering should be the first step
: in development. having entry and exit points in a large, well segmented
: network, vs a

l***y
Posts: 791
4
a more expensive solution, which is also very old, i think, is VPN.
software VPN will set up a tunnel from your side to server side. this
will work whether or not you have a home/small office private network.
for a scattered number of small office routers that need to talk to
each other, networking VPN will give each SOHO a private routing table (vrf),
only including the networks they need access. also, from the public network
nothing can get to the networks behind these SOHO routers. This will p

[Quoting i**p's post:]
: Thanks!
: "NAT" has become another name for RFC 1631, right?
: Is there any other standard/method used in SOHO routers for the same purpose?

i**p
Posts: 902
5
NAT does work well now, and makes inexpensive private networks available
without public IPs. It compromises with PORT number. The router has to check
the port number in TCP/UDP layer for routing. Is it a drawback and will affect
other applications later?

private

[Quoting l***y's post:]
: a more expensive solution, which is also very old, i think, is VPN.
: software VPN will set up a tunnel from your side to server side. this
: will work whether or not you have a home/small office private network.
: for a scattered number of small office routers that need to talk to
: each other, networking VPN will give each SOHO a private routing table (vrf),
: only including the networks they need access. also, from the public network
: nothing can get to the networks behind these SOHO routers. This will p

l***y
Posts: 791
6
em, definitely there can be some more intelligent 'application routers'
to handle the problems NAT generates. apps using protocols such as SIP, FTP,
etc, refer to the private ip of the endpoints behind NAT, this'll break the
applications unless some measure is taken to handle NAT. either the router
can re-write the signalling packets to replace private ips with public ip,
or the endpoints have to be aware and handle NAT, or ...
NAT can be single ip to single ip, btw, doesn't have to be multiple i

[Quoting i**p's post:]
: NAT does work well now, and makes inexpensive private networks available
: without public IPs. It compromises with PORT number. The router has to check
: the port number in TCP/UDP layer for routing. Is it a drawback and will affect
: other applications later?
:
: private
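
Added example, not part of any post in this thread: a toy port-translating NAT in Python illustrating the two points raised in posts 5 and 6, that the router keys its table on TCP/UDP port numbers and that an FTP PORT command carrying a private IP has to be rewritten by the router. The class name `Napt`, the addresses and the port range are constructed for illustration.

```python
import re

class Napt:
    """Toy port-translating NAT with an FTP PORT rewriting helper."""

    def __init__(self, public_ip, first_port=40000):
        self.public_ip = public_ip
        self.next_port = first_port
        self.out = {}    # (private_ip, private_port) -> public_port
        self.back = {}   # public_port -> (private_ip, private_port)

    def map_outbound(self, private_ip, private_port):
        """Allocate (once) and return the public (ip, port) for an inside endpoint."""
        key = (private_ip, private_port)
        if key not in self.out:
            self.out[key] = self.next_port
            self.back[self.next_port] = key
            self.next_port += 1
        return self.public_ip, self.out[key]

    def map_inbound(self, public_port):
        """Inside endpoint for a public port, or None: unsolicited traffic is dropped."""
        return self.back.get(public_port)

    def rewrite_ftp_port(self, src_ip, line):
        """Rewrite 'PORT h1,h2,h3,h4,p1,p2' so it names the public endpoint."""
        m = re.fullmatch(r"PORT ((?:\d{1,3},){5}\d{1,3})\r\n", line)
        if not m:
            return line                      # not a PORT command: pass through
        n = [int(x) for x in m.group(1).split(",")]
        private_ip = ".".join(str(v) for v in n[:4])
        # Only translate when the command names the host that sent it, so a
        # client cannot make the router open a mapping to a different inside host.
        if max(n) > 255 or private_ip != src_ip:
            return line
        ip, port = self.map_outbound(private_ip, n[4] * 256 + n[5])
        return "PORT %s,%d,%d\r\n" % (ip.replace(".", ","), port // 256, port % 256)

def demo():
    nat = Napt("203.0.113.5")                # constructed documentation address
    sent = "PORT 192,168,1,10,19,137\r\n"    # constructed: 192.168.1.10, port 5001
    return nat, nat.rewrite_ftp_port("192.168.1.10", sent)
```

Without the rewrite, the FTP server would try to connect back to 192.168.1.10, which is not routable from the public side; with it, the server connects to the public address and the table maps that port back to the inside host.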
