Firewalls and NAT

Andrew Boothman andrew at
Thu Mar 21 19:51:11 GMT 2002


Apologies if I've brought this up on the list before, but I couldn't 
find it in the archives.

My setup here is fairly standard:

Cable Modem ---> FreeBSD (doing NAT) ---> Various Windows/FreeBSD boxes

At present, the FreeBSD box has almost all of its services turned off, 
and I have been able to confirm using nmap that the only port open 
externally is the SSH one.

It seems to me that my connection is pretty secure as it is. The only 
externally accessible IP belongs to the FreeBSD box, and as far as I can 
see the only way for malicious traffic from the net to get onto the 
internal network would be to 'hijack' one of the forwards that natd has 
set up for incoming traffic. Is there any serious risk of this?

Am I being naive about the security offered by NAT? I know that NAT 
isn't intended as a security measure but what would I have to gain by 
implementing a proper firewall? Most high ports will have to be left 
open anyway as they are needed for traffic returning through NAT. True?

Any help or opinions would be gratefully received.

Many thanks.
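The post's last question (whether most high ports must stay open for traffic returning through NAT) is the one a packet-filter simulation answers well. The following Python block is an added example, not code from the original post or from FreeBSD: it models a NAT gateway's external interface and runs one constructed packet trace through two policies, a stateless "allow high ports in" rule set and a stateful rule set that only admits inbound packets matching a connection the inside opened earlier (the idea behind ipfw's keep-state rules). All addresses, ports and packets are constructed for illustration.

```python
"""
Added example (not from the original mailing-list post): why a stateful
packet filter does not need to leave "high ports" open for traffic that
returns through NAT. Packets are modelled as seen on the gateway's external
interface, i.e. after translation, so outbound traffic carries the gateway's
public address as source. Addresses and ports are constructed.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    direction: str      # "in" (from the Internet) or "out" (from the LAN)
    proto: str
    src: str
    sport: int
    dst: str
    dport: int
    syn: bool = False   # True for the first packet of a TCP connection


GATEWAY = "203.0.113.10"   # constructed public address of the NAT box
SSH_PORT = 22              # the one service the post says is exposed


def port_based_policy(packets):
    """Stateless rule set: SSH in, plus anything to a port >= 1024 in.

    This is the "high ports have to be left open for NAT replies" assumption.
    """
    decisions = []
    for p in packets:
        if p.direction == "out":
            decisions.append("allow")
        elif p.dport == SSH_PORT or p.dport >= 1024:
            decisions.append("allow")
        else:
            decisions.append("deny")
    return decisions


def stateful_policy(packets):
    """Stateful rule set: inbound packets must match state created by an
    outbound connection (peer address, peer port and our translated port),
    or be a new connection to the gateway's SSH port."""
    state = set()   # (proto, peer_ip, peer_port, our_port) opened from inside
    decisions = []
    for p in packets:
        if p.direction == "out":
            if p.syn:
                # Outbound connection start: remember the full peer tuple.
                state.add((p.proto, p.dst, p.dport, p.sport))
            decisions.append("allow")
            continue
        key = (p.proto, p.src, p.sport, p.dport)
        if key in state:
            decisions.append("allow")          # genuine return traffic
        elif p.dst == GATEWAY and p.dport == SSH_PORT and p.syn:
            decisions.append("allow")          # the deliberately exposed service
        else:
            decisions.append("deny")           # unsolicited inbound traffic
    return decisions


# Constructed trace: an inside host browses a web server, the reply comes
# back, then three unrelated inbound packets arrive from another address.
TRACE = [
    Packet("out", "tcp", GATEWAY, 50123, "198.51.100.5", 80, syn=True),
    Packet("in", "tcp", "198.51.100.5", 80, GATEWAY, 50123),
    Packet("in", "tcp", "192.0.2.77", 4444, GATEWAY, 50123, syn=True),
    Packet("in", "tcp", "192.0.2.77", 4445, GATEWAY, SSH_PORT, syn=True),
    Packet("in", "tcp", "192.0.2.77", 4446, GATEWAY, 139, syn=True),
]


def run_demo(trace=TRACE):
    """Return both policies' decisions side by side for the same trace."""
    return {
        "port_based": port_based_policy(trace),
        "stateful": stateful_policy(trace),
    }


if __name__ == "__main__":
    for name, decisions in run_demo().items():
        print(name, decisions)
```

Packet 3 is the interesting one: it is addressed to the same high port that the web reply used, so the stateless policy admits it, while the stateful policy rejects it because the peer address and port do not match any connection the inside opened. That is the practical gain of a filter with connection state over relying on NAT alone: return traffic is admitted by matching state, not by leaving port ranges open, and the only inbound connections accepted are the ones explicitly listed (here, SSH on the gateway).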
