Re: router vs. gateway
From: Phillip Windell (_at_.)
Date: 09/10/04
- Next message: Bob: "Name resolution doesnt work after reboot"
- Previous message: Cloaked: "Re: Problem adding 2nd NIC???"
- In reply to: Roland Hall: "Re: router vs. gateway"
- Next in thread: Roland Hall: "Re: router vs. gateway"
- Reply: Roland Hall: "Re: router vs. gateway"
Date: Fri, 10 Sep 2004 09:32:14 -0500
"Roland Hall" <nobody@nowhere> wrote in message
news:%230o3u8wlEHA.2612@TK2MSFTNGP15.phx.gbl...
> I don't see a firewall as a NAT device although it may support NAT
> functionality.
Never seen one that wasn't a NAT Device. Of course I am talking about the
firewall appliance or computer based firewall,...not those software based
"personal firewalls" like ZoneAlarm, ICF, etc.
> : A router can double as a NAT Device, but a NAT Device cannot double as a
> : router.
>
> I'm not clear on that statement.
A router can be made a NAT Device by enabling NAT and [optionally] setting
up ACLs. However, a NAT Device (Hardware, Cable/DSL "routers", etc.) cannot
have NAT turned off and will always have a "trusted" vs "untrusted" network.
They cannot have these things turned off and let you stick the thing in the
middle of a LAN between two LAN segments and use it like you would use a
Cisco 2600 Series to route normal LAN traffic. They are dedicated NAT
devices and they should be marketed as such and not be called "routers". I
would be satisfied with "NAT Server" or even "Firewall" but not "router".
> That might also be because their target is to sell firewall functionality.
> If a firewall appliance does not route a packet, then it functions as a
> bridge, does it not?
No. Bridging is done across like subnets where it is the same subnet on both
sides of the device. Common network Switches are "bridges",...multi-port
bridges to be more accurate as opposed to the old two-port bridges of the
past. A "Firewall Appliance" does not route a packet,..it "NATs", or
"Translates" the packet. Yes NAT does require Layer3 routing as its
underlying "engine", but it is still considered a different technology that
simply runs on top of Layer3 Routing. This relationship between the two is
why a common *real* router can function as both a NAT Device or as a Router
by simply toggling the NAT functionality on or off and establishing or
de-establishing a "trusted" vs "untrusted" network using a LAT.
But Cable/DSL boxes are dedicated NAT Devices and they can not do anything
else. So to be accurate they should be sold as "NAT Servers" or "Firewalls",
not as routers. I have already run into several people who thought you
could use one of these "so-called" routers as a regular LAN router on their
LAN due to the way people's concept of a router has been skewed and twisted
by the marketing terminology of these SOHO devices.
> : are you planning to go to the MVP Mini-Summit?
>
> I wasn't invited. I'm not an MVP, except on Singapore Airlines. (O;=
Well, you never know, you may get that letter from MS one day. I wasn't
expecting it when I got it. My MVP is in "Proxy/ISA" which seems to be kind
of a branch or segment of the "Security" MVPs. Although personally I
consider myself more of just a "general networking" guy.
-- Phillip Windell [MCP, MVP, CCNA] www.wandtv.com
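
Added example (not part of the original post): a small Python model of the distinction drawn in the message above, where one Layer 3 forwarding engine behaves as a plain router with NAT off and as a NAT device with NAT on. The class names, the port-allocation scheme, the drop rule for unmapped inbound traffic and the sample addresses are all constructed assumptions, not any vendor's behaviour.

```python
import ipaddress
from dataclasses import dataclass, field

@dataclass
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    ttl: int = 64

@dataclass
class L3Device:
    """Hypothetical model: one forwarding engine, NAT as an optional layer on top."""
    inside_net: str             # "trusted" subnet (constructed sample value)
    outside_ip: str             # device address on the "untrusted" side
    nat_enabled: bool = False
    table: dict = field(default_factory=dict)   # outside port -> (inside ip, inside port)
    next_port: int = 40000      # assumed start of the translated port range

    def _inside(self, ip):
        return ipaddress.ip_address(ip) in ipaddress.ip_network(self.inside_net)

    def forward(self, p):
        if p.ttl <= 1:
            return None                       # routing step: TTL expired
        out = Packet(p.src, p.sport, p.dst, p.dport, p.ttl - 1)
        if not self.nat_enabled:
            return out                        # plain router: addresses untouched
        if self._inside(p.src):               # trusted -> untrusted: rewrite source
            key = (p.src, p.sport)
            port = next((k for k, v in self.table.items() if v == key), None)
            if port is None:                  # new flow: allocate a mapping
                port, self.next_port = self.next_port, self.next_port + 1
                self.table[port] = key
            out.src, out.sport = self.outside_ip, port
            return out
        if p.dst == self.outside_ip and p.dport in self.table:
            out.dst, out.dport = self.table[p.dport]   # reply to a known flow
            return out
        return None                           # untrusted side, no mapping: dropped

if __name__ == "__main__":
    pkt = Packet("192.168.1.10", 5000, "198.51.100.7", 80)   # constructed sample
    for nat in (False, True):
        print("NAT on " if nat else "NAT off", L3Device("192.168.1.0/24", "203.0.113.1", nat).forward(pkt))
```
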