Westell Router/Modem Configuraton -- Static NAT
Fremdin
Enthusiast - Level 3

The Westell router has a configuration item which is new to me -- Static NAT.  The default is really arbitrary.  It happens to be an Ethernet-connected printer which shows up as a "computer".  The Static NAT explanaton in the router setup says it's where to send unsolicited packets.  If it means unsolicited packets from the WAN, why wouldn't I want to drop them rather than send them to any connected device.

I looked up "Static NAT" in various web articles and now don't understand it at all.  My only objective is to configure this feature in the most secure way possible.  Can anyone explain "static NAT" in relatively plain English?

Note: I have been making my living from computers at the "nuts and bolts" level for a very long time.  It's just this term which is new to me.

0 Likes
1 Solution

Correct answers
Re: Westell Router/Modem Configuraton -- Static NAT
smith6612
Community Leader
Community Leader

Did you even enable the Static NAT feature? It works similar to the DMZ where data is pretty much sent to a device when it is incoming, however Static NAT still obeys Firewall rules set. DMZ is meant to bypass the Firewall entirely.

If you haven't touched the Static NAT feature or it says it's disabled, you should be good to go.

View solution in original post

Re: Westell Router/Modem Configuraton -- Static NAT
smith6612
Community Leader
Community Leader

Did you even enable the Static NAT feature? It works similar to the DMZ where data is pretty much sent to a device when it is incoming, however Static NAT still obeys Firewall rules set. DMZ is meant to bypass the Firewall entirely.

If you haven't touched the Static NAT feature or it says it's disabled, you should be good to go.

Re: Westell Router/Modem Configuraton -- Static NAT
Fremdin
Enthusiast - Level 3

Thanks!  Equating it with DMZ is sufficient.  I once had a Unix server DMZ'd.  It was getting more than 100 dictionary ID/password attacks per second, mainly from IP addresses in Guangdong Province, China.  One of those attacks went fourteen hours straight.  Locking out IP address ranges in the system's network configuration got to be more trouble than the DMZ convenience was worth.

Thanks again.

0 Likes
Re: Westell Router/Modem Configuraton -- Static NAT
smith6612
Community Leader
Community Leader

No problem :). I've got a few UNIX machines up and running at home. In order to access them you need to use VPN, from which the router acts as the endpoint so I feel it's pretty secure compared to having SSH wide open. I hope you had Interactive Login disabled!

0 Likes
Re: Westell Router/Modem Configuraton -- Static NAT
Fremdin
Enthusiast - Level 3

There was just one horrendous externally-available user ID on that machine with equally horrendous password.  Neither the user ID nor the password could be hit with a dictionary attack  Neither that user ID nor that password were used anywhere else, so there was no place from which to steal them.  I was comfortable with the security, but not with all the attack traffic chewing up my bandwidth.