How does NAT act as a firewall?
Posted by Gabriel Yu on 02 April 2008 02:43 AM
Blocking of unsolicited incoming requests is a side-effect of NAT, which is always enabled on the DrayTek routers. 

Network Address Translation (NAT) allows your router to share one internet connection among several computers on your LAN. When one of your computers sends a request to an internet address (e.g. your browser requests a web page, or your email program asks your ISP's mail server if there is any mail), the router applies NAT and remembers the original request.

When an incoming packet is processed by NAT:
  1. Solicited packets: The router's internal NAT Active Sessions table is looked up to see if this is a reply to an outgoing message.  If so, the reply is forwarded to the computer making the original request.
  2. Open/Forwarded Ports: The router checks its table of Open Ports and Port Forwarding rules, and if the port number matches it forwards to the nominated computer.
  3. DMZ (De-militarised Zone): If a DMZ address is specified, any remaining packets are forwarded to the DMZ address.
  4. If none of the above rules applies, the router doesn't know where the packet should be sent, and so the packet is ignored.
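
The four-step lookup above, written as a small Python model. This is an added example, not DrayTek code. The class and function names, the addresses and ports, and the choice to key sessions on the remote address and port are all assumptions made for illustration.

```python
# Simplified model of the inbound decision order described above.
# All names, addresses and ports are constructed for illustration.
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class NatRouter:
    dmz_host: Optional[str] = None
    port_forwards: dict = field(default_factory=dict)  # (proto, wan_port) -> (lan_ip, lan_port)
    sessions: dict = field(default_factory=dict)  # (proto, wan_port, remote_ip, remote_port) -> LAN host
    next_port: int = 40000

    def outbound(self, proto, lan_ip, lan_port, remote_ip, remote_port):
        """LAN host opens a connection: allocate a WAN port and remember it."""
        wan_port = self.next_port
        self.next_port += 1
        # Assumption: a session is keyed on the remote endpoint as well as the port.
        self.sessions[(proto, wan_port, remote_ip, remote_port)] = (lan_ip, lan_port)
        return wan_port

    def inbound(self, proto, remote_ip, remote_port, wan_port):
        """Return (rule, destination) for a packet arriving on the WAN side."""
        # 1. Solicited: reply to a remembered outgoing request.
        key = (proto, wan_port, remote_ip, remote_port)
        if key in self.sessions:
            return ("session", self.sessions[key])
        # 2. Open ports / port forwarding rules.
        if (proto, wan_port) in self.port_forwards:
            return ("forward", self.port_forwards[(proto, wan_port)])
        # 3. DMZ host receives everything left over.
        if self.dmz_host is not None:
            return ("dmz", (self.dmz_host, wan_port))
        # 4. No rule applies: the packet is ignored.
        return ("drop", None)

def demo():
    r = NatRouter()
    r.port_forwards[("tcp", 443)] = ("192.168.1.20", 443)
    p = r.outbound("tcp", "192.168.1.5", 51000, "198.51.100.7", 80)
    results = [
        r.inbound("tcp", "198.51.100.7", 80, p),    # reply to our request
        r.inbound("tcp", "192.0.2.99", 4444, 443),  # matches forward rule
        r.inbound("tcp", "192.0.2.99", 4444, 23),   # unsolicited, no rule
    ]
    r.dmz_host = "192.168.1.99"
    results.append(r.inbound("tcp", "192.0.2.99", 4444, 23))  # same packet, DMZ set
    return results

if __name__ == "__main__":
    print(demo())
```

The last two results show the same unsolicited packet being dropped without a DMZ host and delivered once one is set: steps 2 and 3 are checked before the drop, so forwarded ports and the DMZ host do not get the blocking side-effect.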