Tracy R Reed wrote:
> Stewart Stremler wrote:
>> plumbed with multiple IPs, and then allow "forwarding" to be allowed
>> on a per-IP as well as a per-port basis. (Presumably a soekris box
>> could do this easily.) Once this is "common functionality", the
>> desktop NAT boxen can do this as well.
>
> NAT boxes doing forwarding for multiple IPs? If you have multiple IPs
> available why not just route those IPs to their respective machines,
> do default deny, and have the problem solved cleanly?

People use NAT that way every day. I do it here. I have one IP which
handles all my outbound connections. I have another that is used for
only one machine and is static-NATed to my server. It filters all
inbound connections, limiting them to only protocols I allow. Many
smart people are NATing all their servers in colo with a firewall/NAT
device. Yes, you can run a filter on the local machine, but by using
NAT they have multiple levels of firewalling.
--
Neil Schneider pacneil_at_linuxgeek_dot_net
http://www.paccomp.com
Key fingerprint = 67F0 E493 FCC0 0A8C 769B 8209 32D7 1DB1 8460 C47D
"When the politicians complain that TV turns the proceedings into a
circus, it should be made clear that the circus was already here,
and that TV has merely demonstrated that not all the performers are
well trained." - Edward R. Murrow