* Kevin McConnell (kevymac@yahoo.com) wrote:
>
> --- Stephen Frost <sfrost@snowman.net> wrote:
> > The two haven't got anything to do with each other.
> > NATing is modifying packets as they pass through the
> > router. Addressing is the IP address and whatnot to
> > access the firewall/router. One does not require the
> > other.
>
> This leads me to another question then. What are the
> advantages of not having an IP address assigned to
> interface(s) of the firewall? Like for instance, if my
> firewall was the gateway to the outside world, how
> would I tell machines behind the firewall to get out
> to the outside world if they didn't have a default
> route pointing to the internal address of the
> firewall? Also, how would packets that hit the
> firewall get routed through the other side?

A router is not a bridge. The two are different things. You're
thinking of things in terms of a 'router'. In order for your computers
to reach the external network they have to go through a router, true.
A firewall can be implemented as part of a router or as part of a
bridge. The only requirement is that the packets are required to pass
through the device.

If you implemented your firewall as a bridge then the machines on the
network wouldn't 'see' it; they would point their default routes to the
router on the opposite side of the bridge.

I think the critical point here is that you need to understand what a
bridge is and how it works and how it's different from a router.

Stephen