Networking help--Can I disable NAT?

HeXploiT

Diamond Member
Jun 11, 2004
I need to connect to my sister's computer via Microsoft remote management console, but her DSL modem firewall is preventing me from connecting. Enabling remote management with her through the modem's software over the phone is a tedious process. Since she already has a software firewall which I personally configured, could I just disable NAT on her modem to get the Microsoft remote console to communicate properly? Would this work?
 

nweaver

Diamond Member
Jan 21, 2001
You could... but it would be a bad thing. The basic NAT does way more for security than a software firewall. I really think of software firewalls as more of a "placebo" for security.

Forward the correct ports to her machine from the modem/router.
 

HeXploiT

Diamond Member
Jun 11, 2004
I have weighed that. The trade-off is that I might be able to save myself and my sister hours of frustration over the phone trying to walk her through a process that I haven't done and she doesn't understand.
Anyway, like I said, I set up the firewall and other security software personally, which I am somewhat proficient at, so the machine is always continuously being checked for malware, trojans & the like and many unnecessary ports are permanently closed. It will be a very secure machine regardless.

So basically there are no other pitfalls to disabling NAT aside from security issues?
 

travisray2004

Senior member
Jul 6, 2005
You are meaning PAT, and not NAT. Anyways, try logmein.com, "they have free service"; if she can connect to the internet then you can fix her PC :D.
I use it when I'm at work trying to avoid firewalls, works out nicely, but to fix the NAT issue, try setting her PC up on the DMZ of the router if she has one. If not then turn off the firewalls. I really haven't seen a modem/firewall, so I do not know how to disable this. Best of luck to you.
 

Nothinman

Elite Member
Sep 14, 2001
Originally posted by: HeXploiT
I have weighed that. The trade-off is that I might be able to save myself and my sister hours of frustration over the phone trying to walk her through a process that I haven't done and she doesn't understand.

And at the same time you may cost yourself even more hours of frustration as you realize that you have to fix a half dozen other things caused by her being directly attached to the Internet for a while.

Originally posted by: travisray2004
You are meaning PAT, and not NAT,

Yes but everyone calls it NAT and there's no way you're going to change that. It's like arguing the binary vs decimal notation for computer measurements, as much as what's in use may be wrong it's already too ingrained in people's heads to change.
 

nweaver

Diamond Member
Jan 21, 2001
PAT is when you are translating ports, NAT is IPs. Different layers of the stack. NAT mangles the source address stuff, it is probably NAT. Port forwarding is still NAT, unless you are actually changing the port (i.e. changing WANIP:33890 to LANIP:3389) and even then, it's a combination of the two, and most SOHO routers don't support this.

Likely, her modem is a router as well.

Software firewalls are just shy of useless (imho). Connecting a Windows box directly to the internet is irresponsible and a bad bad thing.

As far as DMZ, you are pretty much just turning the firewall off for that machine, so it's (imho) again a bad idea. Take the time to set up the router/modem one time, and be done with it. That is the best solution. You should just need to forward a couple of ports.
 

Nothinman

Elite Member
Sep 14, 2001
NAT is supposed to be a 1-1 translation so most NAT devices aren't really doing plain NAT.

http://www.cisco.com/warp/public/556/nat-faq.html#qa1

Q. What is PAT, or NAT overloading?

A. PAT, or NAT overloading, is a feature of Cisco IOS NAT and can be used to translate many internal (inside local) private addresses to one or more outside (inside global, usually registered) IP addresses. Unique source port numbers on each translation are used to distinguish between the conversations.

With NAT overload, a translation table entry that contains full address and source port information is created.
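
The translation table described in the FAQ quote above, as an added example that is not part of the original thread: a minimal Python model of NAT overload (PAT) showing why an unsolicited inbound packet has no table entry to match, and what a port forward like the WANIP:33890 to LANIP:3389 case mentioned earlier in the thread changes. The class name, the addresses (documentation ranges), the starting port 40000 and the strict per-remote filtering are assumptions; real routers vary in how strictly they filter.

```python
class PatRouter:
    """Toy NAT-overload (PAT) table: many LAN sockets share one WAN IP."""

    def __init__(self, wan_ip, first_port=40000):
        self.wan_ip = wan_ip
        self.next_port = first_port
        self.out = {}    # (lan_ip, lan_port, remote, proto) -> wan_port
        self.back = {}   # (wan_port, proto) -> (lan_ip, lan_port, remote or None)

    def outbound(self, lan_ip, lan_port, remote, proto="tcp"):
        """A LAN host opens a conversation; allocate a unique WAN source port."""
        key = (lan_ip, lan_port, remote, proto)
        if key not in self.out:
            self.out[key] = self.next_port
            self.back[(self.next_port, proto)] = (lan_ip, lan_port, remote)
            self.next_port += 1
        return (self.wan_ip, self.out[key])

    def forward(self, wan_port, lan_ip, lan_port, proto="tcp"):
        """Static port forward: remote=None means ANY Internet host may use it."""
        self.back[(wan_port, proto)] = (lan_ip, lan_port, None)

    def inbound(self, remote, wan_port, proto="tcp"):
        """Return the LAN (ip, port) a WAN packet is delivered to, or None if dropped."""
        entry = self.back.get((wan_port, proto))
        if entry is None:
            return None                      # no translation entry: dropped
        lan_ip, lan_port, allowed = entry
        if allowed is not None and allowed != remote:
            return None                      # entry belongs to another conversation
        return (lan_ip, lan_port)


def demo():
    r = PatRouter("203.0.113.10")            # constructed sample addresses
    web = ("198.51.100.7", 443)
    stranger = ("192.0.2.99", 4444)
    a = r.outbound("192.168.1.20", 51000, web)   # two LAN hosts, same source port
    b = r.outbound("192.168.1.21", 51000, web)
    reply = r.inbound(web, a[1])                 # reply matches host A's entry
    probe = r.inbound(stranger, 3389)            # unsolicited: nothing to match
    r.forward(33890, "192.168.1.20", 3389)       # the forward from the thread
    via_forward = r.inbound(stranger, 33890)     # now reachable by anyone
    return a, b, reply, probe, via_forward


if __name__ == "__main__":
    print(demo())
```

The static entry carries no remote address, so once the forward exists the forwarded service is exposed to every Internet host and has to be protected on the machine itself.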
 

nweaver

Diamond Member
Jan 21, 2001
ahh...ok, I see. We just usually call that "One to many NAT" or "One to One NAT" here. Makes sense what you are saying.
 

JackMDS

Elite Member
Super Moderator
Oct 25, 1999
You have to be more specific about what is the "Modem Firewall".

Many DSL providers give the users a free Modem/Router, not because they want to give a free Router (some of them even deny that it is a Router), but because they want to avoid the troubles that the PPPOE software caused while used for authentication.

In the Modem/Router the authentication is embedded in the Router part in the same way that it is done with a stand alone Router.

Disabling the NAT might mean No hardware authentication any more and No Internet connection at all.

If you do not want to bother your sister with opening RDT port (God forbid that she would learn something Brrrr.....)

Try to master the UltraVNC single click, http://www.uvnc.com/addons/singleclick.html
 

Nothinman

Elite Member
Sep 14, 2001
Originally posted by: nweaver
ahh...ok, I see. We just usually call that "One to many NAT" or "One to One NAT" here. Makes sense what you are saying.

Yea, everyone just calls all of them NAT. Probably only those people who've actually been to Cisco classes, seminars, etc have even heard the term PAT before.
 

RebateMonger

Elite Member
Dec 24, 2005
Originally posted by: Nothinman
Probably only those people who've actually been to Cisco classes, seminars, etc have even heard the term PAT before.
I think I first saw the term "PAT" in a Cisco manual.
 

travisray2004

Senior member
Jul 6, 2005
Originally posted by: Nothinman
ahh...ok, I see. We just usually call that "One to many NAT" or "One to One NAT" here. Makes sense what you are saying.

Yea, everyone just calls all of them NAT. Probably only those people who've actually been to Cisco classes, seminars, etc have even heard the term PAT before.

lol. I just like starting a mess.. Its PAT is NAT overload.

WAN = internet (ISPs, "the Cloud")
LAN = intranet (local PCs behind a firewall or router)

NAT = 1 WAN to 1 LAN (it's on its own DMZ)
PAT = 1 WAN to many LAN (you can break up the DMZ)

Anyways,

I might have to check out the ultravnc, thanks for the link my friend :D