Reply
obrienw
Posts: 1
Registered: ‎04-03-2007

What's the purpose of Filter Internet NAT Redirection?

I needed to disable it and I understand what it does, i.e. that it prevents local computers from accessing the router (and then another computer via port forwarding) by its public IP.  But on a more technical level under what scenario would this feature protect me that having it disabled doesn't?  Now that I've disabled it, what sort of security threats does this open me up to?
Frunple
Posts: 620
Registered: ‎03-08-2007

Re: What's the purpose of Filter Internet NAT Redirection?

[ Edited ]
Say your public address is 1.1.1.2, and you have a lan of 192.168.1.0/24.
Someone on your lan wants to get to a ftp server at 192.168.1.254 and you have port 21 opened to that ip in your firewall.
With nat redirection enabled, they cannot get to the ftp server from ftp://1.1.1.2, they have to go to ftp://192.168.1.254. From outside you lan they can go to ftp://1.1.1.2.
 
It basically blocks access to local servers from local pc's using the public address. Doesnt block access to the servers using the lan address though.
 
If your local systems send packets to the -public- (external) IP
and port of your internal servers, then if the filtering is turned
on then the device will deny those packets; when the filtering is
turned off, the device will re-address those packets and send them
back inwards. In this situation, the source of the connection is local
and the destination ends up being the local server, but the address
used by the local computer was the outside address instead of the
inside address.

Allowing this kind of traffic to go through messes up the security
device's ideas of "source" and "destination" (especially for UDP),
so it cannot be done at the same security level as would be the
case if the source and ultimate destination were on different
interfaces of the security device.

Message Edited by Frunple on 04-04-200706:09 AM

kennedy2010
Posts: 1
Registered: ‎10-07-2010

Re: What's the purpose of Filter Internet NAT Redirection?

 i want to know if that will prevent others from using my passphrase code from intruders.other local residence want to access my wireless internet for free.they steal my security code from local residence, who have acquire my code legal  and insert it into their laptops.i want to stop these intruders now.so i want to know how to operate  the security settings.so that when i generate the code for you.you will be the only person to use it,

Expert
Expert
Posts: 12,649
Registered: ‎07-16-2006

Re: What's the purpose of Filter Internet NAT Redirection?

The filter nat redirection has nothing to do with security.

To secure your wireless network, go to the Wireless pages, set a unique SSID, enable WPA2 Personal security with AES encryption and a strong passphrase. Don't give the passphrase away. That's the only way to make sure that noone else connects to your wireless and can't give it away.
SidneyRoper
Posts: 2
Registered: ‎01-07-2011

Re: What's the purpose of Filter Internet NAT Redirection?

Depending on how many your business allows to access the internet, one method is to limit the MAC addresses.  If you want to prevent others from using the security key that was issued to one resident and not others.  You could do a MAC addres reservation depending on what router you have.

 

You could also do DHCP reservations as well (depending on the model) and then limit the number of DHCP client to those that have paid or whatever service you are offering.  

 

Either way they both will require an initial administrative setup. 

 

Personally, I believe in the DHCP reservations on an E3000 because it also uses MAC address's instead of PC/Server names.

acebros
Posts: 1
Registered: ‎04-15-2013

Re: What's the purpose of Filter Internet NAT Redirection?

I am hardwired to a wireless router and the other people in the building use the wireless.  How can I prevent them from accessing my computer, as (I think) we are on the same LAN?  Does enabling NAT redirection accomplish this, or does that only prevent intrusion from the Internet?

thebluemamba_24
Posts: 391
Registered: ‎12-31-2012

Re: What's the purpose of Filter Internet NAT Redirection?

Theoretically, any devices connected to the same network should be able to ping, share files/printers and map one another. What you can do though is to make sure that your computer has an administrative password and you could also change the workgroup name set on your computer.

Guttsy911
Posts: 7
Registered: ‎07-09-2013

Re: What's the purpose of Filter Internet NAT Redirection?

I came over this old thread and probably you have this covered, but what about making a guest network? That will give internet access while keeping the devices connected to the guest network separate from your LAN.
- Guttsy911
chaze
Posts: 1
Registered: ‎07-10-2013

Re: What's the purpose of Filter Internet NAT Redirection?

I realize that this is an old thread, but I came upon it by searching. AP isolation will not allow your wireless clients to view ANY other computer, let alone your hardwire PC.

Guttsy911
Posts: 7
Registered: ‎07-09-2013

Re: What's the purpose of Filter Internet NAT Redirection?

[ Edited ]

Was what I meant by making a "guest-network" (on the router). Most routers have this setting and it is exactly for these kinds of "situations". E.g. a shop giving WiFi access to it's customers without letting them enter their LAN (a separate SSID). It will work as a internet gateway and not allowing access to LAN. Maybe I was unclear :smileyhappy:

 

EDIT: I am sorry I did not see this was for WIRED routers. My suggestion is for wifi routers.

- Guttsy911