Re: UPNP/SSDP

From: CZ (CZ_at_no99spam.com)
Date: 07/19/04


Date: Sun, 18 Jul 2004 23:21:06 -0700

Francis:

>> the firewall does stateful inspection of packets

Most end user firewalls are stateless (or primarily so).

>> the NAT router is a packet filter that routes packets

Generally, neither a NAT nor a router are referred to as packet filters. A
NAT does address translation and port matching per a port table, a router
routes packets between two interfaces per a routing table, and a packet
filter makes a forward/discard decision based on info in the packet headers.

>> private IPs are used on the internal LAN side and are not routeable on
>> the WAN (internet) side and vice versa.

Not exactly.
Private IP addresses are routable, as I do it frequently in test scenarios.
It depends upon the router's routing table.
IMO, re: a NAT-router, a router port accepts the packet, passes it to the
NAT (which makes an address change), then the packet is compared to the
router's routing table and is sent to the designated router port.
A key issue here is that outside initiated inbound packets with the WAN port
address are dropped by the NAT (as they do not have a match in the NAT's
port table), not by the router.
And, an outside initiated inbound packet with a private IP address would not
be picked up by the router.

>> you should have *both* a router and a firewall in place, but the
>> application-level firewall is more important to guard against the types
>> of traffic leaving your machine, that perhaps shouldn't be

Agreed, except that I would want more than just an application gate type of
firewall (eg. ZA free) which does not also do packet filtering for outbound
packets (Sygate does both, ZA free does not). Actually, I find using ZA
free (an application gate f/w) together with BlackIce (an ID) to be a fairly
good end user f/w setup.
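The NAT-router packet flow described in the message above (router port accepts the packet, NAT consults its port table, routing table picks the egress port, unmatched outside-initiated packets are dropped by the NAT, and a private destination address never gets as far as the router) modelled as a small simulation. This is an added example, not code from the original post or from any product: the addresses, the two-entry routing table, the address-and-port-dependent matching rule, and the "upstream has no route for private prefixes" hop are all assumptions made for the illustration.

```python
"""Toy NAT-router model (constructed for this example; assumptions are marked)."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional, Tuple

LAN_NET = ip_network("192.168.1.0/24")    # assumed private LAN behind the router
WAN_IP = "203.0.113.5"                    # assumed public address on the WAN port
PRIVATE_NETS = [ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


class NatRouter:
    def __init__(self, first_wan_port: int = 40000):
        self._next_port = first_wan_port
        # NAT port table: WAN port -> (private ip, private port, remote ip, remote port)
        self.port_table = {}
        # Routing table: destination prefix -> egress port; longest prefix wins
        self.routes = {LAN_NET: "lan", ip_network("0.0.0.0/0"): "wan"}

    def route(self, dst_ip: str) -> str:
        dst = ip_address(dst_ip)
        best = max((n for n in self.routes if dst in n), key=lambda n: n.prefixlen)
        return self.routes[best]

    def from_lan(self, pkt: Packet) -> Tuple[str, Packet]:
        """Packet arrives on the LAN port: NAT rewrites the source, then it is routed."""
        if self.route(pkt.dst_ip) == "lan":
            return ("lan", pkt)            # LAN-to-LAN traffic needs no translation
        key = (pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        for wan_port, entry in self.port_table.items():
            if entry == key:               # existing flow: reuse its WAN port
                break
        else:                              # new flow: allocate a WAN port, record it
            wan_port = self._next_port
            self._next_port += 1
            self.port_table[wan_port] = key
        return ("wan", Packet(WAN_IP, wan_port, pkt.dst_ip, pkt.dst_port))

    def from_wan(self, pkt: Packet) -> Tuple[str, Optional[Packet]]:
        """Packet arrives on the WAN port: the NAT looks for a port-table match first."""
        if pkt.dst_ip != WAN_IP:
            return ("dropped_by_nat", None)   # not addressed to our WAN IP: nothing to map
        entry = self.port_table.get(pkt.dst_port)
        # Assumed matching rule: the remote address and port must equal the ones the
        # LAN host talked to (address-and-port-dependent filtering). Outside-initiated
        # packets have no such entry and are dropped here, by the NAT, not the router.
        if entry is None or entry[2:] != (pkt.src_ip, pkt.src_port):
            return ("dropped_by_nat", None)
        priv_ip, priv_port, _, _ = entry
        inner = Packet(pkt.src_ip, pkt.src_port, priv_ip, priv_port)
        return (self.route(inner.dst_ip), inner)   # routing table sends it to the LAN port


def send_from_internet(router: NatRouter, pkt: Packet) -> Tuple[str, Optional[Packet]]:
    """Upstream hop (assumed ISP behaviour): the Internet carries no route for private
    prefixes, so a packet addressed to 192.168.x.x never reaches the router's WAN port."""
    if any(ip_address(pkt.dst_ip) in n for n in PRIVATE_NETS):
        return ("no_route_upstream", None)
    return router.from_wan(pkt)


if __name__ == "__main__":
    r = NatRouter()
    print(r.from_lan(Packet("192.168.1.10", 51000, "198.51.100.7", 80)))      # new mapping
    print(r.from_wan(Packet("198.51.100.7", 80, "203.0.113.5", 40000)))       # reply: mapped back
    print(r.from_wan(Packet("198.51.100.9", 1234, "203.0.113.5", 40000)))     # no match: dropped
    print(r.from_wan(Packet("198.51.100.7", 80, "203.0.113.5", 22)))          # no match: dropped
    print(send_from_internet(r, Packet("198.51.100.7", 80, "192.168.1.10", 51000)))
```

The last call is the "private IP on the WAN side" case: it is refused one hop earlier than the NAT, so the router never sees it. Whether a real box matches only on the WAN port (full cone) or on the remote address and port as well, as modelled here, varies by product; the port-table lookup is the same either way.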
