Firewalls and NAT
andrew at cream.org
Thu Mar 21 19:51:11 GMT 2002
Apologies if I've brought this up on the list before, but I couldn't
find it in the archives.
My setup here is fairly standard:
Cable Modem ---> FreeBSD (doing NAT) ---> Various Windows/FreeBSD boxes
At present, the FreeBSD box has almost all of its services turned off,
and I have been able to confirm using nmap that the only port open
externally is the SSH one.
It seems to me that my connection is pretty secure as it is. The only
externally accessible IP belongs to the FreeBSD box, and as far as I can
see the only way for malicious traffic from the net to get onto the
internal network would be to 'hijack' one of the forwards that natd has
set up for incoming traffic. Is there any serious risk of this?
Am I being naive about the security offered by NAT? I know that NAT
isn't intended as a security measure but what would I have to gain by
implementing a proper firewall? Most high ports will have to be left
open anyway as they are needed for traffic returning through NAT. True?
Any help or opinions would be gratefully received.