DNS through Firewall

Kevin Darcy kcd at daimlerchrysler.com
Thu Feb 28 23:45:02 UTC 2002


William Stacey wrote:

> > In the first place NAT is not a firewall.
>
> Why not, Gary?  A firewall is "Any of a number of security schemes that
> prevent unauthorized users from gaining access to a computer network or that
> monitor transfers of information to and from the network".  NAT routers
> surely fit that definition IMHO.

I thought the classical definition of a firewall was something like "a device
which enforces policy-based access controls between nodes on disparate
networks". If a NAT *only* NATs blindly between networks, without imposing any
filtering/blocking/ACLs then it is not a "firewall" by that definition.

Under any reasonable definitions of "firewall" and "NAT", however, the two
should not be considered mutually exclusive. There are numerous commercial
products out there which perform both functions.


- Kevin







More information about the bind-users mailing list