Can NAT and IP Packet filtering work for you?

Rich Loeber

NAT stands for "Network Address Translation". Among other things, NAT allows you to provide public access to your system even though it sits behind a firewall. It does so by changing the source and destination IP addresses for data packets as they flow through your system. It can also be used to simplify configuration when multiple networks in your system operate on different addressing schemes. Your system can act as a go-between making the connections possible. NAT can also be used to hide real IP addresses between networks.

More Information

IP Packet Filtering lets you block specific IP addresses or filter packets based on information contained in each packet header. That gives you a lot of power to control who can access your system and who cannot access your system based on the IP address they are coming from. Using IP Packet Filtering, you can:

  • Permit or reject packets based on their destination IP address.

  • Permit or reject packets based on their source IP address.

  • Permit or reject packets based on either their source port number or their destination port number.

  • Apply these rules selectively when you have multiple network connections to your system. Different rules can apply to each network adapter.

  • Stop undesirable traffic from passing through your system to other nodes in your network.

  • Selectively log traffic based on the way your rules are set up.

You can find more information about setting up and configuring NAT and IP Packet Filtering at the IBM iSeries Information Center -- look in the Internet Security area. The iSeries Navigator includes a set-up wizard for IP Packet Filtering that may also help you to get started.

One note of caution: While these "free" tools are available for your use, they are just another tool in your security tool bag. Used together, these functions provide some of the functionality you'll find in a firewall, but full implementation of a firewall product is preferable. These tools should be used in conjunction with your overall security plan and strategy.

If you have specific questions about this topic, e-mail me at rich@kisco.com. All e-mail messages will be answered.

About the author: Rich Loeber is president of Kisco Information Systems Inc. in Saranac Lake, N.Y. The company is a provider of various security products for the iSeries market.

This was first published in May 2006

There are Comments. Add yours.

TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

Disclaimer: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.