[alb@quandary.org: Re: [Courses] [Security] Firewall theory -- UDP and nameservers]

Amanda Babcock alb at quandary.org
Fri Mar 22 09:33:06 EST 2002


Oops.  Meant to send this to the group.

----- Forwarded message from Amanda Babcock <alb at quandary.org> -----

Date: Fri, 22 Mar 2002 08:31:21 -0500
From: Amanda Babcock <alb at quandary.org>
Subject: Re: [Courses] [Security] Firewall theory -- UDP and nameservers
To: hobbit at aloss.ukuu.org.uk

On Fri, Mar 22, 2002 at 01:14:35PM +0000, hobbit at aloss.ukuu.org.uk wrote:

> I gather 'firewall' is a military term originally, too. 

I don't think it is.  I believe it's a car engine term.  The firewall is
there to stop (or delay) engine fires from getting into the cabin, I think.

> Never known
> what it means in that context. I can't think of many things which 
> sound pleasant that it might be.

Well, I hope that's a more pleasant interpretation :)

> The only thing I'm not sure about now is what this NAT stuff is.

Network Address Translation.  So you might have:

 Internet <--- [ NAT-enabled firewall ] -------- [ local network ]
        public addresses         private addresses

The NAT-enabled firewall talks to the Internet using public (and publicly
attackable) addresses, but the machines on the local network all have
addresses from private network space that shouldn't be routable on, or
reachable from, the Internet.  When a privately addressed machine wants
to reach something on the Internet, the firewall checks its other firewall
rules to make sure that what it wants to do is permissible, and then passes
along the packets, rewriting the return address to something from the
public block, and optionally rewriting the originating port (if it has to
squeeze everybody onto one public address, it will use the ports to tell
which packet is in response to which request).

Amanda

----- End forwarded message -----
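A toy model of the address-and-port rewriting the message describes (one public address shared by the whole private network, a policy check on the way out, and a table that maps replies back to the host that asked). This is an added example, not code from the original post; the addresses, ports and allow-list are constructed.

```python
from dataclasses import dataclass
# Constructed values: one public address, a private block, and an outbound policy.
PUBLIC_ADDR = "203.0.113.7"
PRIVATE_PREFIX = "10.0.0."
ALLOWED_DST_PORTS = {53, 80, 443}   # the "other firewall rules" the text mentions

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int

class NatFirewall:
    def __init__(self, first_port=40000):
        self.next_port = first_port
        self.flows = {}    # (private src, sport, dst, dport) -> public port
        self.by_port = {}  # public port -> that flow tuple

    def outbound(self, pkt):
        """Private -> Internet: policy check, then rewrite source addr/port."""
        if not pkt.src.startswith(PRIVATE_PREFIX) or pkt.dport not in ALLOWED_DST_PORTS:
            return None                       # not from our LAN, or policy says no
        flow = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        pub_port = self.flows.get(flow)
        if pub_port is None:                  # new flow: allocate a public port
            pub_port = self.next_port
            self.next_port += 1
            self.flows[flow] = pub_port
            self.by_port[pub_port] = flow
        return Packet(PUBLIC_ADDR, pub_port, pkt.dst, pkt.dport)

    def inbound(self, pkt):
        """Internet -> private: only a reply to a tracked flow is passed back."""
        flow = self.by_port.get(pkt.dport)
        if pkt.dst != PUBLIC_ADDR or flow is None:
            return None                       # nobody inside asked for this
        src, sport, dst, dport = flow
        if (pkt.src, pkt.sport) != (dst, dport):
            return None                       # right port, wrong peer
        return Packet(pkt.src, pkt.sport, src, sport)

def demo():
    fw = NatFirewall()
    a = fw.outbound(Packet("10.0.0.5", 1234, "198.51.100.9", 53))  # DNS query
    b = fw.outbound(Packet("10.0.0.6", 1234, "198.51.100.9", 53))  # same sport
    reply_b = fw.inbound(Packet("198.51.100.9", 53, PUBLIC_ADDR, b.sport))
    stray = fw.inbound(Packet("198.51.100.77", 53, PUBLIC_ADDR, a.sport))
    telnet = fw.outbound(Packet("10.0.0.5", 5555, "198.51.100.9", 23))
    return a, b, reply_b, stray, telnet
```

Two inside hosts using the same source port get distinct public ports, so the reply to the second one is routed back to 10.0.0.6 and not 10.0.0.5; a packet from a peer nobody talked to, and an outbound connection the policy forbids, are both dropped.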


