NAT w/o firewall?

Michael ODonnell michael.odonnell at comcast.net
Tue Dec 7 11:45:00 EST 2004


I only know enough about networking to be dangerous,
so out of morbid curiosity (and also to stimulate
discussion) I'd be interested in comments about the
(lack of) security in the following arrangement:
let's say I have a simple home network with a
combination of machines behind a Linux box that's
doing NAT/firewall duty.  If I rigged that NAT box
such that it'd allow establishment of no inbound
connections of any kind but forwarded all outbound
connections from any machine behind it (doing NAT for
all) couldn't I just basically turn off all other
firewall functions in that NAT box?  What kind of
attack could succeed in this situation, other than
hijacking a NAT'd connection which, I believe, if
it could be done at all would be something that I'd
probably have a hard time defending against even if
I had a fancy set of firewall rules in effect.  TIA.
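
The arrangement described in the post, written out as an iptables-restore ruleset (an added example, not part of the original message). The interface names and the rule letting LAN hosts reach the gateway itself are assumptions. It shows that "no inbound connections" is expressed as default-drop filter policies plus connection-state rules, sitting alongside the MASQUERADE rule rather than implied by it.

```shell
#!/bin/sh
# Added example: prints an iptables-restore ruleset for a gateway that
# refuses every inbound connection and NATs every outbound one.
# Arguments (assumed names): $1 = WAN interface, $2 = LAN interface.
emit_ruleset() {
    wan="$1"; lan="$2"
    # Refuse missing or identical interfaces: the FORWARD rule below only
    # means "outbound" when the two sides are distinct.
    if [ -z "$wan" ] || [ -z "$lan" ] || [ "$wan" = "$lan" ]; then
        echo "usage: emit_ruleset WAN_IF LAN_IF (must differ)" >&2
        return 1
    fi
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# Rewrite the source address of everything leaving via the WAN side.
-A POSTROUTING -o $wan -j MASQUERADE
COMMIT
*filter
# Default-deny for packets to the gateway and packets routed through it.
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
# Replies to connections the gateway itself opened.
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Assumption: LAN hosts may talk to the gateway (DNS, DHCP, ssh).
-A INPUT -i $lan -j ACCEPT
# Replies to connections opened from the LAN.
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# New connections are accepted only in the LAN-to-WAN direction.
-A FORWARD -i $lan -o $wan -j ACCEPT
COMMIT
EOF
}

# When run as a script with two arguments, print the ruleset, e.g.
#   sh nat-only.sh eth0 eth1 | iptables-restore
if [ "$#" -eq 2 ]; then
    emit_ruleset "$1" "$2"
fi
```
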
 


