Subj : Re: Connect...??
To   : Michiel van der Vlist
From : Tony Langdon
Date : Sat Jan 14 2017 15:42:00

-=> Michiel van der Vlist wrote to Tony Langdon <=-

 MvV> Indeed, it is a firewall function. What, in my opinion, went wrong is
 MvV> that the IPv4 NAT was presented as a firewall. Which it isn't. Although
 MvV> in some way NAT /acts/ as a firewall in that it blocks unsollicited
 MvV> incoming packets, unless explicitly told what to do with it, it is not
 MvV> a firewall. The blocking is just a emergent effect.

Again, we agree. :)

 MvV> A real firewall is something different. If so configured, it also
 MvV> blocks unsollicited incoming packets. But it can do more that that. It
 MvV> can also detect certain kind of attacks, port scans, flooding etc. Plus
 MvV> that a firewall can also act on outgoing traffic. OTOH, a firewall can
 MvV> not do translation. It is not a NAT.

Again, agree.  Packet filtering is only one function that a firewall can
perform, as you point out.  Either way, it's not NAT.  NAT has a different
purpose - rewriting IP addresses to achieve some networking goal (most commonly
share a single public IP among multiple hosts).

 MvV> I guess we will have to live with what seems to be evolving practice:
 MvV> it is both called "forwarding"..

Looks like it. :(

 MvV> I am a bad teacher, I won't even try..

:)


 MvV> I put this new IPv6 capable modem/router into service six weeks ago. So
 MvV> I had to delve into it again.

Mine's been in service for years.  I occasionally tweak it when I change
something on the LAN, last tweak was to put the HAMnet router as the IPv4
exposed host, so IP-IP encapsulation works.

 TL> ... This is abuse, arguments are down the hall.

 MvV> I loved that sketch! ;-)

Yes!  I haven't seen it for many years.


.... Go on, be yourself!  There isn't anyone better qualified.
--- MultiMail/Win32 v0.49
 * Origin: Freeway BBS - freeway.apana.org.au (3:633/410)

.