desertratr


Is NAT only acceptable as a firewall setting

I have a newly set up Actiontec M1000 ADSL modem for use with DSL service. The default firewall setting is NAT only. Is that acceptable for security purposes? Would configuring it with both a high-level firewall setting and also NAT provide any better security?
thursdasy

You should just set up the firewall if it's available on your router. There should be no need for NAT setup on a home router.
fdduran

An unconfigured NAT usually blocks all connections from the internet to your computers behind the router. That gives plenty of security to all computers behind it from attacks coming from outside; however, it does not block connections from your network to the internet, or from your network to your network. In other words, it does not protect your computers from each other and does not guarantee that a previously infected computer will be unable to contact its overlord.

@thursdasy: Every IP Router implements NAT, home routers too, otherwise they wouldn't be routers.
NAT is Network Address Translation.

NAT improves security by reusing IP addresses.
It prevents a shortage of IP addresses.

When any PC uses an unregistered IP address, NAT is needed to communicate with the rest of the world.

NAT can also do:

- Static NAT/Port forward
- Dynamic NAT
- Overloading/PAT
- Overlapping


You can take telecommunication as an example, where in your office you have an office telephone number with an extension. No outsider knows your extension number; they only know your main office number. When someone is looking for you, an operator will check the routing table. If the name and extension match, then the call will be established.

Somehow it does get echoed that NAT is for security. NAT was never meant for security and provides no security by hiding the IP address either. NAT is available on all routers so that you can change to a public IP when you're on the internet.

So do not consider NAT for security. Even if you NAT, the other party can identify your true IP address with the latest browsers and technologies available now, unless you're paranoid and pretty much tighten up all the security.

Another way to look at it: say you have 10.1.1.1 and you NAT it to 100.1.1.1; still, anything that contacts 100.1.1.1 goes to 10.1.1.1, and NAT has no functionality to prevent it. It is the firewall's other mechanisms (like access-lists) that block/allow connections, and NAT by itself doesn't do anything other than converting the IP to and fro.

Hope that explains.

Cheers,
Rajesh
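
The two behaviours discussed above (overloading/PAT dropping unsolicited inbound traffic because no mapping exists, and static NAT of 10.1.1.1 to 100.1.1.1 passing everything unless an access list blocks it) can be compared in a small model. This is an added example, not code from the thread or from any router; the `Router` class, its fields and the sample addresses are hypothetical, and the PAT lookup assumes mappings are matched on the remote address and port, which real devices do not all do.

```python
from dataclasses import dataclass, field
from typing import Optional

PUBLIC_IP, INSIDE_IP = "100.1.1.1", "10.1.1.1"  # addresses from the thread's example

@dataclass
class Router:
    static_nat: dict = field(default_factory=dict)  # public IP -> inside IP (one-to-one)
    pat: dict = field(default_factory=dict)         # public port -> (inside IP, port, remote)
    acl_ports: Optional[frozenset] = None           # None = no firewall; else allowed inbound ports
    next_port: int = 40000

    def outbound(self, src_ip, src_port, remote):
        """An inside host opens a connection; PAT records the mapping it created."""
        port, self.next_port = self.next_port, self.next_port + 1
        self.pat[port] = (src_ip, src_port, remote)
        return port

    def inbound(self, remote, dst_ip, dst_port):
        """Return the (inside IP, port) a packet reaches, or None if it is dropped."""
        entry = self.pat.get(dst_port)
        if entry and entry[2] == remote:             # reply to a flow started from inside
            return entry[0], entry[1]
        if self.acl_ports is not None and dst_port not in self.acl_ports:
            return None                              # dropped by the firewall rule, not by NAT
        if dst_ip in self.static_nat:                # static NAT translates whatever arrives
            return self.static_nat[dst_ip], dst_port
        return None                                  # PAT only: no mapping, nowhere to send it

def demo():
    server = ("203.0.113.7", 443)      # constructed address (documentation range)
    outsider = ("198.51.100.9", 5555)  # constructed address (documentation range)
    pat_only = Router()
    port = pat_only.outbound(INSIDE_IP, 51000, server)
    static = Router(static_nat={PUBLIC_IP: INSIDE_IP})
    filtered = Router(static_nat={PUBLIC_IP: INSIDE_IP}, acl_ports=frozenset({443}))
    return {
        "pat_reply": pat_only.inbound(server, PUBLIC_IP, port),
        "pat_unsolicited": pat_only.inbound(outsider, PUBLIC_IP, 445),
        "static_unsolicited": static.inbound(outsider, PUBLIC_IP, 445),
        "static_acl_445": filtered.inbound(outsider, PUBLIC_IP, 445),
        "static_acl_443": filtered.inbound(outsider, PUBLIC_IP, 443),
    }

if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name:20} -> {result}")
```
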
ASKER CERTIFIED SOLUTION
wizzardofoz

Create a free account to see this answer
>>NAT provides good inbound protection against unsolicited worms. This is because it denies any inbound packets that do not correspond to an outgoing connection.

This line above seems misleading. Even if we don't have NAT, a firewall would prevent any unsolicited inbound packets, wouldn't it?

Cheers,
Rajesh
I agree and so stated in the next line
>This is only part of what a good firewall does
My aim was to explain why people say that the NAT provides some protection.
Oh okay, I misread wizzard.

Cheers,
Rajesh