Oct 03, 2012

Is NAT just another name for a firewall?

I was at my brother's house, and home network security came up. He claims that his NAT router makes it unnecessary for him to set up a firewall. Honestly, NAT (Network Address Translation) is something that I'm just not that familiar with. Is he correct? How secure would a home network be that just relied on NAT and did not use a firewall?


Nope, and it doesn't take the place of one either. A firewall provides a much higher level of security.

Christopher Nerney

Not sure your brother is entirely correct, at least based on this...


"By itself, NAT does not provide all the features of a true firewall, but it is often used on servers that feature other firewall and antivirus support."

Here's an article with background about NAT. I don't see why he wouldn't use NAT and a firewall. Makes more sense to do both, rather than just NAT.

Network address translation

"In computer networking, network address translation (NAT) is the process of modifying IP address information in IP packet headers while in transit across a traffic routing device.
The simplest type of NAT provides a one-to-one translation of IP addresses. RFC 2663 refers to this type of NAT as basic NAT. It is often also referred to as one-to-one NAT. In this type of NAT only the IP addresses, IP header checksum and any higher level checksums that include the IP address need to be changed. The rest of the packet can be left untouched (at least for basic TCP/UDP functionality, some higher level protocols may need further translation). Basic NATs can be used when there is a requirement to interconnect two IP networks with incompatible addressing.

However it is common to hide an entire IP address space, usually consisting of private IP addresses, behind a single IP address (or in some cases a small group of IP addresses) in another (usually public) address space. To avoid ambiguity in the handling of returned packets, a one-to-many NAT must alter higher level information such as TCP/UDP ports in outgoing communications and must maintain a translation table so that return packets can be correctly translated back. RFC 2663 uses the term NAPT (network address and port translation) for this type of NAT. Other names include PAT (port address translation), IP masquerading, NAT Overload and many-to-one NAT. Since this is the most common type of NAT it is often referred to simply as NAT.

As described, the method enables communication through the router only when the conversation originates in the masqueraded network, since this establishes the translation tables. For example, a web browser in the masqueraded network can browse a website outside, but a web browser outside could not browse a web site in the masqueraded network. However, most NAT devices today allow the network administrator to configure translation table entries for permanent use. This feature is often referred to as "static NAT" or port forwarding and allows traffic originating in the "outside" network to reach designated hosts in the masqueraded network."
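The quoted article explains why a many-to-one NAT only passes inbound traffic that matches a translation table entry (or a static port-forward). The simulator below is an added illustration, not code from the original post or from any router vendor; it models the NAPT table in a few dozen lines of Python using constructed addresses from the documentation ranges (203.0.113.5 as the public IP, 192.168.1.0/24 inside, 198.51.100.0/24 outside). It shows the three inbound cases from the quote, reply to an established flow, unsolicited packet with no entry, and static port-forward, and it also makes the gap visible: the `outbound` path has no policy at all, every inside host can open any connection to anywhere, which is the part a real firewall adds on top of NAT.

```python
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

# Constructed example: a minimal many-to-one NAT (NAPT) simulator.
# All addresses are assumptions drawn from RFC 5737 documentation ranges.


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str = "tcp"


class Napt:
    """Models the translation table a NAPT router keeps for return traffic."""

    def __init__(self, public_ip: str, first_port: int = 40000):
        self.public_ip = public_ip
        self.next_port = first_port
        # (inside_ip, inside_port, dst_ip, dst_port, proto) -> public source port
        self.table: Dict[Tuple, int] = {}
        # (public_port, remote_ip, remote_port, proto) -> (inside_ip, inside_port)
        self.reverse: Dict[Tuple, Tuple[str, int]] = {}
        # "static NAT" / port forwarding: (proto, public_port) -> (inside_ip, inside_port)
        self.static: Dict[Tuple[str, int], Tuple[str, int]] = {}

    def add_port_forward(self, proto: str, public_port: int, inside_ip: str, inside_port: int) -> None:
        self.static[(proto, public_port)] = (inside_ip, inside_port)

    def outbound(self, pkt: Packet) -> Packet:
        """Inside -> outside. Rewrites the source and records the mapping.

        Note there is no allow/deny decision here: NAT translates whatever
        an inside host sends. Egress policy is a firewall's job, not NAT's.
        """
        key = (pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port, pkt.proto)
        if key not in self.table:
            port = self.next_port
            self.next_port += 1
            self.table[key] = port
            self.reverse[(port, pkt.dst_ip, pkt.dst_port, pkt.proto)] = (pkt.src_ip, pkt.src_port)
        return Packet(self.public_ip, self.table[key], pkt.dst_ip, pkt.dst_port, pkt.proto)

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        """Outside -> inside. Returns the translated packet, or None if dropped."""
        # 1. A static entry (port forwarding) always has a destination.
        target = self.static.get((pkt.proto, pkt.dst_port))
        if target is not None:
            return Packet(pkt.src_ip, pkt.src_port, target[0], target[1], pkt.proto)
        # 2. A reply to a conversation that an inside host started.
        inside = self.reverse.get((pkt.dst_port, pkt.src_ip, pkt.src_port, pkt.proto))
        if inside is not None:
            return Packet(pkt.src_ip, pkt.src_port, inside[0], inside[1], pkt.proto)
        # 3. No table entry: the router has no inside host to deliver to, so it drops it.
        return None


def demo() -> dict:
    """Walk through the cases described in the quoted article."""
    nat = Napt("203.0.113.5")
    # Inside browser opens a connection to an outside web server.
    translated = nat.outbound(Packet("192.168.1.10", 51000, "198.51.100.7", 80))
    # The web server's reply comes back to the public IP and mapped port.
    reply = nat.inbound(Packet("198.51.100.7", 80, "203.0.113.5", translated.src_port))
    # An unrelated outside host tries port 22 on the public IP: no entry, dropped.
    unsolicited = nat.inbound(Packet("198.51.100.9", 12345, "203.0.113.5", 22))
    # After a port-forward is configured, the same packet reaches an inside host.
    nat.add_port_forward("tcp", 22, "192.168.1.20", 22)
    forwarded = nat.inbound(Packet("198.51.100.9", 12345, "203.0.113.5", 22))
    return {
        "translated": translated,
        "reply": reply,
        "unsolicited": unsolicited,
        "forwarded": forwarded,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Running `demo()` shows the behaviour the article describes: the outbound packet leaves as `203.0.113.5:40000`, the reply is mapped back to `192.168.1.10:51000`, the unsolicited packet to port 22 is dropped, and once the static entry exists it is delivered to `192.168.1.20:22`. What the simulator deliberately lacks is any rule evaluation in either direction, which is why the answer above says NAT does not take the place of a firewall.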
