On Fri, Jun 08, 2007 at 11:00:21AM -0400, Will Murnane wrote: > On 6/8/07, Roberto C. Sánchez <[EMAIL PROTECTED]> wrote: > > On Fri, Jun 08, 2007 at 08:02:41AM -0400, Will Murnane wrote: > > > > > > That doesn't make NAT necessary or good. It's simply that in most > > > cases there aren't enough IPs to go around. If there were, NAT would > > > be (IMO) useless. > > > > > That is, unless your intent is to make it (virtually) impossible to > > address your host(s) globally. > Name a case in which firewalling does not suffice. I'm curious to see > what your answer will be. > I am not saying that firewalling is not sufficient, simply that NAT is viewd by some an added layer of defense. If it is not physically possible to address a particular host globally, then you must first penetrate another point on the network (likely a very well secured point) first. Think about it. Is there *ever* a need for a database server that powers a website to be accessible from the public Internet? Probably not.
Regards, -Roberto -- Roberto C. Sánchez http://people.connexer.com/~roberto http://www.connexer.com
signature.asc
Description: Digital signature
------------------------------------------------------------------------- This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
