Re: selecting old machines for firewall/router use

To: debian-user@lists.debian.org
Subject: Re: selecting old machines for firewall/router use
From: Pascal Hambourg <pascal.mail@plouf.fr.eu.org>
Date: Wed, 23 Feb 2011 14:15:02 +0100
Message-id: <[🔎] 4D650856.6010703@plouf.fr.eu.org>
In-reply-to: <[🔎] 4D6500BD.7000700@affinityvision.com.au>
References: <[🔎] 4D617362.2020801@att.net> <[🔎] 4D61E478.4080504@hardwarefreak.com> <[🔎] 4D62DE67.4050804@plouf.fr.eu.org> <[🔎] 4D62F904.3040603@hardwarefreak.com> <[🔎] AANLkTi=mu8pBEiPOP=t9wMs7998fchyNCt5qOXvxPyjw@mail.gmail.com> <[🔎] 20110222004104.GC19828@n0nb.us> <[🔎] AANLkTi=dS4r87g58Kg6o4M_uxK6eX49SKgxgxvGhi4ce@mail.gmail.com> <[🔎] 4D6500BD.7000700@affinityvision.com.au>

Andrew McGlashan a écrit :
> 
> Well .... NAT does have it's advantages, one being that it can act as a 
> reasonably good barrier as a NATural firewall.

This is a common misconception. I cannot tell about other NAT's, but
Netfilter NAT is not a barrier at all.

> but if you have every device with IPv6 (or v4 for that matter) being 
> addressable from any location,

NAT does not prevent this. Private (for IPv4) or unique local (for IPv6)
addressing prevents it.

> then personal firewalls will become much more important.
> 
> An unpatched machine [for whatever reason], behind NAT has a fighting 
> chance, but one which is directly addressable from the Internet is much 
> more vulnerable to attack.

This is not correct. A stateful packet filter replacing the NAT at the
border will just do the job.

Reply to:

Follow-Ups:
- Re: selecting old machines for firewall/router use
  - From: Andrew McGlashan <andrew.mcglashan@affinityvision.com.au>

References:
- selecting old machines for firewall/router use
  - From: "Elmer E. Dow" <elmeredow@att.net>
- Re: selecting old machines for firewall/router use
  - From: Stan Hoeppner <stan@hardwarefreak.com>
- Re: selecting old machines for firewall/router use
  - From: Pascal Hambourg <pascal.mail@plouf.fr.eu.org>
- Re: selecting old machines for firewall/router use
  - From: Stan Hoeppner <stan@hardwarefreak.com>
- Re: selecting old machines for firewall/router use
  - From: shawn wilson <ag4ve.us@gmail.com>
- Re: selecting old machines for firewall/router use
  - From: Nate Bargmann <n0nb@n0nb.us>
- Re: selecting old machines for firewall/router use
  - From: Paul Fraser <pfraser@xl12.net>
- Re: selecting old machines for firewall/router use
  - From: Andrew McGlashan <andrew.mcglashan@affinityvision.com.au>

Prev by Date: Re: Software RAID on external USB disk: boot problems after upgrade to squeeze
Next by Date: Setting the screen resolution in grub2
Previous by thread: Re: selecting old machines for firewall/router use
Next by thread: Re: selecting old machines for firewall/router use
Index(es):
- Date
- Thread