[alb@quandary.org: Re: [Courses] [Security] Firewall theory -- UDP and nameservers]
Amanda Babcock
alb at quandary.org
Fri Mar 22 09:33:06 EST 2002
Oops. Meant to send this to the group.
----- Forwarded message from Amanda Babcock <alb at quandary.org> -----
Date: Fri, 22 Mar 2002 08:31:21 -0500
From: Amanda Babcock <alb at quandary.org>
Subject: Re: [Courses] [Security] Firewall theory -- UDP and nameservers
To: hobbit at aloss.ukuu.org.uk
On Fri, Mar 22, 2002 at 01:14:35PM +0000, hobbit at aloss.ukuu.org.uk wrote:
> I gather 'firewall' is a military term originally, too.
I don't think it is. I believe it's a car engine term. The firewall is
there to stop (or delay) engine fires from getting into the cabin, I think.
> Never known
> what it means in that context. I can't think of many things which
> sound pleasant that it might be.
Well, I hope that's a more pleasant interpretation :)
> The only thing I'm not sure about now is what this NAT stuff is.
Network Address Translation. So you might have:
Internet <--- [ NAT-enabled firewall ] -------- [ local network ]
public addresses private addresses
The NAT-enabled firewall talks to the Internet using public (and publically
attackable) addresses, but the machines on the local network all have
addresses from private network space that shouldn't be routable on, or
reachable from, the Internet. When a privately addressed machine wants
to reach something on the Internet, the firewall checks its other firewall
rules to make sure that what it wants to do is permissible, and then passes
along the packets, rewriting the return address to something from the
public block, and optionally rewriting the originating port (if it has to
squeeze everybody onto one public address, it will use the ports to tell
which packet is in response to which request).
Amanda
----- End forwarded message -----
More information about the Courses
mailing list