by IgorPartola 4748 days ago
The simple and much more flexible answer to this is to have a firewall rule on the edge router that simply drops all packets to and from the hosts you do not want visible. Note that this is more flexible in that if you want some hosts visible and some not, you can do that. You cannot do that with NAT: you only have one port 80 and several servers, for example.

In general, use the right tool for the job. NAT provides some blunt security features incidentally. It does not, for example, prevent your server from making connections to the outside world. The firewall is what is meant to be used to restrict traffic. That is its only job and it does that well.
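
The edge-router policy described in the comment above, written as an added nftables example that is not part of the original comment. The choice of nftables, the interface names `wan0` and `lan0`, and the addresses (taken from the 203.0.113.0/24 documentation range) are assumptions.

```nftables
# Constructed example for a routing edge firewall with publicly addressed hosts
# behind it. Interface names and addresses are assumptions, not from the comment.
define WAN = "wan0"
define LAN = "lan0"
define WEB_SERVERS  = { 203.0.113.10, 203.0.113.11 }  # each visible on its own port 80
define HIDDEN_HOSTS = { 203.0.113.20, 203.0.113.21 }  # not visible at all

table inet edge {
    chain forward {
        # Default deny: anything not matched below is dropped,
        # including all IPv6, since only IPv4 rules are listed here.
        type filter hook forward priority 0; policy drop;

        # Hidden hosts: drop all packets to and from them, placed before
        # the state match so even replies to their own traffic are dropped.
        ip daddr $HIDDEN_HOSTS counter drop
        ip saddr $HIDDEN_HOSTS counter drop

        ct state invalid drop
        ct state established,related accept

        # Several servers, all reachable on port 80 at the same time.
        # A single NATed address could forward port 80 to only one of them.
        iifname $WAN ip daddr $WEB_SERVERS tcp dport 80 ct state new accept

        # The servers may answer requests (established, above) but may not
        # open new connections to the outside. NAT alone does not stop this.
        iifname $LAN ip saddr $WEB_SERVERS ct state new counter drop

        # Remaining inside hosts may initiate outbound connections.
        iifname $LAN oifname $WAN ct state new accept
    }
}
```

The `counter` statements make the drops visible in `nft list ruleset`, which is a quick way to confirm that a hidden host or a server attempting outbound traffic is actually hitting the intended rule.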