Firewall Wizards mailing list archives

Re: NAT vs translation vs routing in Gauntlet firewall


From: Dave Piscitello <dave () corecom com>
Date: Tue, 25 Jun 2002 14:22:07 -0400

All NAT devices *forward* IP packets. Most firewalls support some variant of NAT that hides the IP networks assigned to the trusted/protected network interface. They do this by statically mapping a unique private (e.g., RFC 1918 compliant) IP address to individual public IP addresses (static NAT) or by dynamically mapping an entire set of private addresses to the single public IP address assigned to the public/external/Internet-facing network interface of the Firewall (commonly NATP).

I'm perhaps an old fart and purist, but I'd distinguish this kind of activity from (adaptive) routing. Firewalls commonly make forwarding choices based on static routing tables. Many firewalls don't (currently) support dynamic routing (e.g., RIP, OSPF, BGP). I say "currently" because the vendors in the high end (GigE capable) firewalls seem to be intent on supporting BGP.

At 07:22 PM 6/13/2002 -0400, Mordechai T Abzug wrote:
Normally, NAT and NAT-P imply routing -- you can't do a regular NAT
unless you're also routing.  All NAT devices are routers, but not all
routers are NAT devices.


David M. Piscitello
Core Competence, Inc. &
3 Myrtle Bank Lane
Hilton Head, SC 29926
dave () corecom com
843.689.5595
www.corecom.com
hhi.corecom.com/~yodave/


_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://list.nfr.com/mailman/listinfo/firewall-wizards
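
An added example, not part of the original message or of any firewall product: a small Python model of the distinction drawn above, with a one-to-one static NAT table, a many-to-one port-translating table, and a forwarding lookup against a fixed routing table. Class names, addresses and the starting port are constructed for illustration; real translators also key state on protocol and remote endpoint and handle port exhaustion, which this model omits.

```python
import ipaddress

class StaticNat:
    """One-to-one: every private address has its own public address."""
    def __init__(self, mapping):
        self.to_public = dict(mapping)
        self.to_private = {pub: priv for priv, pub in mapping.items()}

    def outbound(self, src_ip, src_port):
        pub = self.to_public.get(src_ip)
        return (pub, src_port) if pub else None   # port is left untouched

    def inbound(self, dst_ip, dst_port):
        priv = self.to_private.get(dst_ip)
        return (priv, dst_port) if priv else None

class PortNat:
    """Many-to-one: all private hosts share the external interface address."""
    def __init__(self, public_ip, first_port=20000):
        self.public_ip, self.next_port = public_ip, first_port
        self.by_flow, self.by_port = {}, {}

    def outbound(self, src_ip, src_port):
        flow = (src_ip, src_port)
        if flow not in self.by_flow:              # first packet creates state
            self.by_flow[flow] = self.next_port
            self.by_port[self.next_port] = flow
            self.next_port += 1
        return (self.public_ip, self.by_flow[flow])

    def inbound(self, dst_ip, dst_port):
        if dst_ip != self.public_ip:
            return None
        return self.by_port.get(dst_port)         # None: no state, not forwarded

# Constructed static routing table: (prefix, next hop). Nothing here adapts.
ROUTES = [(ipaddress.ip_network(n), hop) for n, hop in [
    ("0.0.0.0/0", "203.0.113.254"), ("10.0.0.0/8", "10.0.0.1"), ("10.1.2.0/24", "10.0.0.2")]]

def next_hop(dst_ip, routes=ROUTES):
    """Forwarding choice from the static table: longest matching prefix wins."""
    dst = ipaddress.ip_address(dst_ip)
    matches = [(net.prefixlen, hop) for net, hop in routes if dst in net]
    return max(matches)[1] if matches else None

if __name__ == "__main__":
    pat = PortNat("203.0.113.1")
    print(pat.outbound("10.0.0.5", 40000), pat.outbound("10.0.0.6", 40000))
    print(pat.inbound("203.0.113.1", 20001), pat.inbound("203.0.113.1", 25))
    print(next_hop("10.1.2.7"), next_hop("198.51.100.7"))
```

The static table answers inbound packets for any mapped public address, while the port-translating table only has a reverse entry once an inside host has sent traffic.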

