> Date: Fri, 16 Mar 2001 00:26:58 +0000 (GMT)
> From: Pere Camps <[EMAIL PROTECTED]>
>
> Valerie,
>
> > If you are using NAT with a firewall, then the NAT will not
> > hurt you.
>
> NAT can hurt you. Just find an application not supported by your
> fw that embeds ip addresses in the application layer and thats it.
The question was specificly about if using NAT with Firewall-1
would weaken the security, and I still say it will not hurt you in
that fashion.
True, many applications just don't work when NAT is used. A lot
of this depends on the box that is doing the NAT and how smart
it is about processing IP addresses in data portion of a packet
(FTP being the classic example).
>
> Where I work we just had one which has made us set up tunneling in
> our own LAN/WAN.
I'm not sure why you wouldn't use an encrypted tunnel in the first place,
if the traffic was going over a network where your IPs weren't valid
(presumably the Internet), to another private network where they were.
That is definitely more secure! :-)
Valerie
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
