Firewall Question

Started by smilodon, December 05, 2004, 02:11:50 AM


Benny

Quote: Originally posted by smilodon @ Dec 6 2004, 10:57 AM
There are two firewalls in this saga. It also allows all incoming connections and passes them to NAT.
The software firewall sees the UDP packets from Steam as unsolicited and I have to set up inbound rules in the software firewall to account for them.

Out through port xyz and back in through port zyx is called 'trigger ports' in my modem configuration. It says Forward a range of ports to an IP address on the LAN only after specific outbound traffic. But I don't use that either :)

Ok, sorry, slowly getting my head round what you're saying.
You have a router doing NAT. Forwarding all ports inbound to x address. The bit I'm struggling with is
Quote: NAT obviously is seeing the UDP packets from Steam as return packets in the state table and forwards them to my PC. I don't have IP passthrough or DMZ or any of that stuff active...just simple NAT.
Simple NAT doesn't do that. Simple NAT translates IP addresses, and that is all, it doesn't rely on state tables or the like, unless it's for TCP.

I think, and feel free to kick me in the nuts, you have a router doing NAT

your private address to your public ISP assigned address and vice versa, no restrictions.

And you also have your software firewall - port filtering on your PC.

Quote: I don't use it mainly because it isn't application specific.
Each to their own and I'm certainly not criticising/belittling, but I know what's installed on my PC and I don't feel the need to be application specific. Source/destination/port is good enough for most hosting organisations, and is certainly good enough for me. Just keep an eye on what you download/install and make sure your AV is up to date, and run spyware things now and then.

As a side note, Giant antispyware looks good on my limited trial.


Personally I use a hardware router with a firewall on it. It does the NAT and the port based security. Netgear 824g
===============
Master of maybe

smilodon

Well that's another way of putting it, but I thought my explanation was simpler :)
smilodon
Whatever's gone wrong it's not my fault.

Wordan

I have a question about NAT. I always thought NAT worked by mapping connections to ports, i.e. when the webserver sends back the data to a particular port the NAT router knows which internal IP address it needs to go to. You only have one external IP address.

I always wondered what IP Masquerading did. I recently read that IP Masquerading does what I have described above, and that NAT actually maps many external IP addresses to many private addresses. :huh: Am I understanding that right?

http://en.tldp.org/HOWTO/IP-Masquerade-HOW...at-is-masq.html

OK, I've just noticed them referring to it as 1:Many NAT which defeats the purpose of this post but whatever :rolleyes: I thought, shouldn't what most people call NAT be called IP masquerading?

Sorry, I don't know much else. I can't help with the first post, and this post is kinda off-topic.
aka paperclip

albert

Following on from Smilo's main 3 points.

The important thing is that you have a firewall, be it on your PC in the form of software, or on another PC or router or router/modem that perhaps does the dial-up to ADSL or cable.

On the topic of ports and opening ports. If you have a good firewall like the Stateful Inspection Firewall Benny and TL mention, then it can track conversations between your PC and Internet destinations. If you go a step further, the firewall may inspect each packet to ensure that the traffic on that port is actually HTTP traffic, so using another protocol over a well-known, widely used port like port 80 is detected and dropped.

If you have the time and really want to (nerd) learn this type of stuff, get yourself a cheap old PC with two or three NICs on it and install Linux and one of the many free Linux firewalls. Gentoo is a pretty secure distribution.

Edit: NAT is address-to-address translation. PAT (not the posty) is Port Address Translation, i.e. many internal LAN addresses to one IP address, but distinguished by the firewall by giving each mapping a different port so return traffic goes back to the correct internal IP address.
Cheers, Bert

smilodon

IP masquerading and NAT are two ways to achieve the same effect: to allow several PCs on a LAN to share a single IP address on the Internet.

IP Masquerading is used in a Linux setup where one Linux box sits as a bridge between the LAN and the Internet.

NAT does something similar but is found within a router rather than on a PC.

AFAIK
smilodon
Whatever's gone wrong it's not my fault.

Benny

NAT is Network Address Translation.

Converts one or many addresses to another. 1 to 1: 1 private address becomes 1 public and vice versa. Hit Google up for RFC 1918 if you are interested in public and private addressing.

Or you can have many to one. Multiple PCs, as Smilo says, hidden behind one real address.

You can use port forwarding in conjunction with NAT. For example, I have three PCs; all can browse the internet using a simple many-to-one. Inbound connections are port forwarded based on the port. So, a port 80 request comes into my public address and is re-routed to my private web server address because it is port 80.

Port 21 goes to a different PC.
===============
Master of maybe
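An added illustration (not code posted by anyone in this thread) of the many-to-one NAT/PAT Bert describes and the port-based forwarding Benny describes: two LAN hosts get distinct public source ports, replies are matched back through the translation table, port 80 and port 21 are forwarded statically, and an inbound packet that matches neither is dropped as unsolicited (the situation in the original Steam/UDP question). All addresses and ports below are constructed sample values.

```python
from dataclasses import dataclass, field

# Constructed example values: a TEST-NET-3 public address and RFC 1918
# private addresses for the LAN hosts.
PUBLIC_IP = "203.0.113.10"

# Static inbound forwards like Benny's: port 80 to the web server, port 21
# to a different PC. Anything else inbound is unsolicited unless the PAT
# table already knows the flow.
PORT_FORWARDS = {("tcp", 80): ("192.168.1.10", 80),
                 ("tcp", 21): ("192.168.1.11", 21)}


@dataclass
class PatRouter:
    """Many-to-one NAT (PAT): each outbound flow gets its own public source
    port, and that mapping is what routes the reply back to the right PC."""
    next_port: int = 40000
    flows: dict = field(default_factory=dict)  # 5-tuple -> public port
    table: dict = field(default_factory=dict)  # (proto, pub_port, remote) -> LAN (ip, port)

    def outbound(self, proto, lan_ip, lan_port, remote_ip, remote_port):
        """Translate a LAN packet; return the (public_ip, public_port) it leaves with."""
        flow = (proto, lan_ip, lan_port, remote_ip, remote_port)
        if flow not in self.flows:
            self.flows[flow] = self.next_port
            self.table[(proto, self.next_port, remote_ip, remote_port)] = (lan_ip, lan_port)
            self.next_port += 1
        return PUBLIC_IP, self.flows[flow]

    def inbound(self, proto, remote_ip, remote_port, public_port):
        """Return the LAN (ip, port) a packet is delivered to, or None if dropped."""
        # 1. Reply to a flow this router translated: deliver to the originator.
        hit = self.table.get((proto, public_port, remote_ip, remote_port))
        if hit:
            return hit
        # 2. Static port forward: decided by destination port only.
        if (proto, public_port) in PORT_FORWARDS:
            return PORT_FORWARDS[(proto, public_port)]
        # 3. No state and no forward rule: unsolicited, so it is dropped.
        return None


def demo():
    r = PatRouter()
    # Two PCs use the same source port to the same server; PAT keeps them apart.
    a = r.outbound("udp", "192.168.1.20", 5000, "198.51.100.5", 27015)
    b = r.outbound("udp", "192.168.1.21", 5000, "198.51.100.5", 27015)
    reply_a = r.inbound("udp", "198.51.100.5", 27015, a[1])
    reply_b = r.inbound("udp", "198.51.100.5", 27015, b[1])
    web = r.inbound("tcp", "198.51.100.9", 50000, 80)      # static forward
    stray = r.inbound("udp", "198.51.100.9", 27015, 27015)  # unsolicited
    return a, b, reply_a, reply_b, web, stray
```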