
Re: [cobalt-developers] OS-discussion



> Do these BSD firewalls work without NATting?  NATting is NOT something
> our clients like.  It's not something we like.  So can we firewall, yet
> still maintain our public IP#s using these products?  If so, can you
> direct me towards documentation or a how-to?

I believe that every router can do this, even Linux.

Also, just because you use NAT doesn't mean you can't have a public IP
address.  As a matter of fact, NAT (by literal definition) implies that
every host behind a router has an addressable IP on a 1 to 1 ratio.  There
is no rule that your ?AT router has to protect only computers with private
IPs.  If your router is the gateway router between your subnet and the
Internet and has the ability to handle rules (aka is a "firewall" in
addition to a router) then it shouldn't matter what your IP addresses are.

Of course all of that is moot if the Internet or your NAT users can
bypass your router.  I have traditionally used Cisco routers for doing this
kind of work.  Nevertheless, I know that Linux can do it (in all 2.x
kernels I believe) and I've done it with FreeBSD 3.3.

Matt Nuzum