> Benedict simon wrote:
>
>>actually i have a cureent setup running for sometimes n workin good
>>my internal network of servers ( like mail, web , dns ) are under
>>shorewall with public IPs
>>
>>but there was jus a debate as to run the public servers currently on
>> pulic
>>ip to have private IPs n NAT them ... as enhancing the security ....
>
> NAT seems to fascinate some people, strange how "broken" should come
> to be regarded as "good" ;-)
>
> NAT won't protect you from a compromised machine being used for
> outbound attacks on others - a good firewall will.
>
> NAT won't stop anything inbound that couldn't be stopped by a good
> firewall. The only difference is that should the firewall fail (such
> as Shorewall fail to load) then NAT does provide the equivalent of a
> "drop all" policy.
>
> If you have it working, then don't change it. IMO, NAT breaks far
> more than the minor security benefits are worth.
>
Thanks for ur mail
really do apprecite.
i guess n will stick to ur advice of not changing anything
as the setup is running good for last 1 year
regards
simon
>
> Come IPv6 we'll be using public IPs again, then we can have the same
> argument all over again :-)
>
> -------------------------------------------------------------------------
> Check out the new SourceForge.net Marketplace.
> It's the best place to buy or sell services for
> just about anything Open Source.
> http://sourceforge.net/services/buy/index.php
> _______________________________________________
> Shorewall-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/shorewall-users
>
> --
> This message has been scanned for viruses and
> dangerous content by MailScanner, and is
> believed to be clean.
>
--
Network ADMIN
-------------
KUWAIT MUNICIPALITY:
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
-------------------------------------------------------------------------
Check out the new SourceForge.net Marketplace.
It's the best place to buy or sell services for
just about anything Open Source.
http://sourceforge.net/services/buy/index.php
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
