-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Bernhard,
I have to disagree. You are right when you say that private addresses
provide security in that sense that they can not be routed in the
Internet (usually). However, NAT circumvents exactly that security
benefit by what it does, translation between private and registered
IP addresses. NAT alone does not let you specify which internal hosts
are accessible from the outside. That functionality is provided by
access lists, but not NAT. NAT merely replaces IP addresses, it does
not provide access control. That's an ...uhm.. added benefit (some
call it feature :) of firewalls and routers.
Regards,
Frank
PS: Gruesse nach Deutschland.
> -----Original Message-----
> From: Bernhard Petri [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, November 23, 1999 3:30 AM
>
> Hallo Frank,
> I think your are wrong here. By using NAT and inofficial or private
> addresses for your internal network you determine which internal
> hosts are accessible at all from the outside. So NAT can be in any
> case an efficient security measure. Of course it's normally not
> sufficient as the single one.
-----BEGIN PGP SIGNATURE-----
Version: PGP Personal Privacy 6.5.1
Comment: PGP or S/MIME (X.509) encrypted email preferred.
iQA/AwUBODtnT0RKym0LjhFcEQLNegCg0AJGEvehPrR3ZFWAQu6UktR56roAn3UM
vyNCbfNz8L2aX3OKCgFRgZlB
=MnFR
-----END PGP SIGNATURE-----
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
