Re: Bridging vs Routing Firewalls
This is a discussion on Re: Bridging vs Routing Firewalls within the IPFilter forums, part of the System Security and Security Related category; Carson Gaspar wrote: > --On Thursday, July 31, 2003 10:47 PM -0400 Jefferson Ogata > <Jefferson.Ogata@noaa....
|
|||||||
| FAQ | Members List | Calendar | Search | Today's Posts | Mark Forums Read |
08-01-2003
|
|||
|
|||
Re: Bridging vs Routing Firewalls
Carson Gaspar wrote:
> --On Thursday, July 31, 2003 10:47 PM -0400 Jefferson Ogata > <Jefferson.Ogata@noaa.gov> wrote: >> One downside to bridges is that they can't do NAT, except perhaps in very >> limited ways. > > Why? I've heard this before, and nobody who says it seems to have any > facts to back them up. There is absolutely nothing magic about > decrementing or not decrementing a hop count. Yes, your routing must be > configured properly, but that's not news. Why? I couldn't tell you -- I don't use IP Filter in a bridged configuration. And don't misunderstand me to be saying that it's not possible for Brand X bridge to support NAT (in fact, if you search the list archives you'll see I've stated it's possible). But, as I've said, in the case of IP Filter, others, including Darren, have stated that it just don't work right or completely, e.g.: http://marc.theaimsgroup.com/?l=ipfi...5283216321&w=2 http://marc.theaimsgroup.com/?l=ipfi...9717118236&w=2 http://marc.theaimsgroup.com/?l=ipfi...0667110724&w=2 http://marc.theaimsgroup.com/?l=ipfi...0387609631&w=2 http://marc.theaimsgroup.com/?l=ipfi...5408915756&w=2 If these statements are inaccurate, I'm sorry, but you know, Carson, the statement you quoted isn't really the central thesis of what I was saying, is it? -- Jefferson Ogata <Jefferson.Ogata@noaa.gov> NOAA Computer Incident Response Team (N-CIRT) <ncirt@noaa.gov> 
|
Linear Mode
