On Fri, Jan 21, 2005 at 12:50:46PM -0300, Marcelo Bezerra wrote: > Because this router is doing NAT. Not only rounting. > > On Fri, 2005-01-21 at 09:55 -0500, Tony wrote: > > Explain why you need to setup port forwarding on any router to run a > > server behind it. > > > > Routers block all unsolicited incomming requests BY DEFAULT. Unless > > it's some shitty router with a poor config. It acts as a firewall > > protecting the internal network from outside traffic (this does NOT > > mean though that any outgoing requests are blocked, those are NOT). > > > > Please read up before replying.
Marcelo is 100% correct. A router itself will not block any traffic. You can add blocking or port limiting. This is usually limited in functionality because a firewall is a lot more than simply a router with access controls. Some routers can add firewall functionality in their software or with a dedicated hardware module. The reason you have to setup port forwarding on a home "router" is that they run NAT (Network Address translation) to share the one public IP address among mutiple computers. NAT basically intercepts the outgoing traffic and pretends it's all coming from the single public IP address. All internal machines use private (RFC 1918) IP addresses that are not routed on the internet. Since an inbound connection can not be addressed directly to in internal computer (those IPs are not routed on the internet), all inbound connections are actually addressed to the NAT router. The forwarding tells the router where to send the connection, after the NAT. The term "router" in our contect is more akin to a cheap firewall. They do route, but ony between two ethernet interfaces. They all have NAT functionality and some stateful firewalling features. A true blue router with only routing functionality would require a public IP network on each interface and would not block any incoming or outgoing connections (without access controls). -- Hexis www.hxxl.com _______________________________________________ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds