DNS through Firewall
kcd at daimlerchrysler.com
Thu Feb 28 23:45:02 UTC 2002
William Stacey wrote:
> > In the first place NAT is not a firewall.
> Why not Gary? A firewall is "Any of a number of security schemes that
> prevent unauthorized users from gaining access to a computer network or that
> monitor transfers of information to and from the network". NAT routers
> surely fit that definition IMHO.
I thought the classical definition of a firewall was something like "a device
which enforces policy-based access controls between nodes on disparate
networks". If a NAT *only* NATs blindly between networks, without imposing any
filtering/blocking/ACLs then it is not a "firewall" by that definition.

Under any reasonable definitions of "firewall" and "NAT", however, the two
should not be considered mutually-exclusive. There are numerous commercial
products out there which perform both functions.