On 7 Sep 99, at 19:43, Remco Vaal wrote:
> When I use NAT on my router, and my internal LAN has an IP range 192.168,
> what are the potential security problems? A number 192.168 isn't accessible
> from the internet I think.

Your remote machine will effectively have *two* network interfaces:

1. Its normal external IP address with which it connects to the internet --
and, specifically, across the net to your VPN server (which also has such an
external address...).

2. An internal address, part of your 192.168. range; packets to/from this
address flow through an encrypted connection between the two external
addresses referred to above in #1.

The encrypted content is internal traffic on your 192.168. subnet; if the
encryption is inadequate, an outsider might be able to snoop or even hijack
your traffic, and thus get onto your trusted internal network without having
to traverse your firewall.

The non-routability of RFC1918 addresses isn't an issue here, really,
because the traffic between those addresses is carried over the internet as
encrypted payload on a connection between two normal addresses.

David G