Re: firewall test and NAT

ToddAndMargo wrote:
> John John - MVP wrote:
>> ToddAndMargo wrote:
>>> Hi All,
>>>
>>> I would like to test my firewall, but have a NAT box
>>> between me and the various firewall tests I know
>>> of. Anyone know of a firewall test that shoots
>>> through NAT?
>>
>> NAT would be pretty useless if anything could just "shoot" through it.
>> Open (forward) a port in the box or temporarily disable/bypass the NAT
>> box for your tests.
>>
>> John
>
> Hi John,
>
> The bad guys know all about NAT. And it is indeed useless
> as a firewall.
>
> The bad guys start with 192.168.0.0/24 and work their way
> up. Check your firewall logs, you will see SYN packet probes
> on it all the time: about 1/100 if you did not use NAT, but
> still enough to do damage. NAT is *not* a firewall -- it is
> a common misconception.
>
> I was hoping for a way to test it without redoing anything
> on my network.

I'm by no means any kind of expert on this, but my understanding about
NAT is that it will only allow traffic in if the request for the packets
originated from within. You say that you have a "NAT box"; I assume that
to be a router of sorts. Check the documentation for your router.
John
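
A toy model of the behaviour discussed in this thread, added here as an example and not part of any poster's message: it shows why an external firewall test sees only the NAT box unless a port is forwarded. `NatBox`, `demo` and all addresses are constructed for illustration, and the model assumes endpoint-dependent filtering, which real devices may relax.

```python
# Toy model of a port-translating NAT box. All addresses are constructed sample
# values; filtering is endpoint-dependent here, which real devices may relax.
from dataclasses import dataclass, field


@dataclass
class NatBox:
    next_port: int = 40000
    # (public_port, remote_ip, remote_port) -> (lan_ip, lan_port)
    flows: dict = field(default_factory=dict)
    # public_port -> (lan_ip, lan_port), i.e. static port forwards
    forwards: dict = field(default_factory=dict)
    dropped: list = field(default_factory=list)

    def outbound(self, lan_ip, lan_port, remote_ip, remote_port):
        """LAN host opens a connection: allocate a public port, record the flow."""
        public_port = self.next_port
        self.next_port += 1
        self.flows[(public_port, remote_ip, remote_port)] = (lan_ip, lan_port)
        return public_port

    def inbound(self, remote_ip, remote_port, public_port):
        """Packet arrives on the WAN side: return the LAN target, or None if dropped."""
        target = self.flows.get((public_port, remote_ip, remote_port))
        if target is None:
            target = self.forwards.get(public_port)
        if target is None:
            # No mapping: the box has nowhere to send it. Record it like a log entry.
            self.dropped.append((remote_ip, remote_port, public_port))
        return target


def demo():
    nat = NatBox()
    # A LAN host browses to a web server; the reply matches the recorded flow.
    p = nat.outbound("192.168.0.20", 51000, "198.51.100.7", 443)
    reply = nat.inbound("198.51.100.7", 443, p)
    # An unsolicited probe from an online test site hits port 22: no mapping.
    probe = nat.inbound("192.0.2.99", 33333, 22)
    # A different remote host reusing the mapped port is also dropped here.
    reuse = nat.inbound("192.0.2.99", 33333, p)
    # After forwarding port 22, the same probe reaches the LAN host's own firewall.
    nat.forwards[22] = ("192.168.0.20", 22)
    forwarded = nat.inbound("192.0.2.99", 33333, 22)
    return reply, probe, reuse, forwarded, len(nat.dropped)


if __name__ == "__main__":
    print(demo())
```
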