RE: [fw-wiz] NAT Based on Service with only one legal IP

From: Ben Nagy (ben_at_iagu.net)
Date: 05/21/03

  • Next message: Roy Culley: "Re: [fw-wiz] Sunscreen EFS 3.1 stealth mode and NAT"
    To: "'W. Builder'" <xbuilder@yahoo.com>, <firewall-wizards@honor.icsalabs.com>
    Date: Wed, 21 May 2003 09:14:16 +0200
    

    I think you are asking if you can have static port NAT mappings for
    different services going to different internal physical servers, and also do
    that for dynamically assigned IP addresses as well as statically configured
    ones.

    Offhand I know that Cisco routers have been able to do this for a few
    versions now. I suspect that any of these new 'appliances' that have
    software to deal with xDSL, where addresses are very frequently assigned,
    will be able to cope with this - it's just a question of how much you call
    them 'firewalls'. The basic problem is that if the box itself isn't involved
    in negotiating the IP address it becomes ugly.

    So, in short, moving your NAT to the network border and doing it on your
    screening router is one option. That might also break other stuff that you
    do, like VPNs. Who knows.

    ben

    > -----Original Message-----
    > From: firewall-wizards-admin@honor.icsalabs.com
    > [mailto:firewall-wizards-admin@honor.icsalabs.com] On Behalf
    > Of W. Builder
    > Sent: Tuesday, May 20, 2003 5:43 PM
    > To: firewall-wizards@honor.icsalabs.com
    >
    > Dear Gurus
    >
    > Service based NAT with only one legal IP can be done with
    > Checkpoint FW-1 NG but not for dynamically allocated legal IP
    >
    > http://www.phoneboy.com/fom-serve/cache/86.html
    >
    > Are there any other non-CheckPoint firewall s/ware products
    > or appliances that can do this with both one legal static IP
    > ? With one dynamically assigned legal IP?
    >
    > Many thanks
    > W.Builder

    _______________________________________________
    firewall-wizards mailing list
    firewall-wizards@honor.icsalabs.com
    http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
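
The reply's point about the NAT box needing to be the one that negotiates the address can be modelled in a few lines. This is an added example, not part of the original message or any vendor's code: the `NatBox` and `PortForward` names, the `wan0` interface and all addresses are hypothetical, and it compares a per-service port mapping bound to the interface with one pinned to a literal public IP.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

@dataclass(frozen=True)
class PortForward:
    proto: str
    public_port: int
    inside: Tuple[str, int]                # internal server (ip, port)
    bound_address: Optional[str] = None    # rule pinned to a literal public IP
    bound_interface: Optional[str] = None  # rule follows the interface's current IP

class NatBox:
    def __init__(self) -> None:
        self.interface_addr: Dict[str, str] = {}
        self.rules: List[PortForward] = []

    def lease(self, interface: str, address: str) -> None:
        """Record the address the box itself negotiated (DHCP/PPP)."""
        self.interface_addr[interface] = address

    def translate(self, proto: str, dst_ip: str, dst_port: int) -> Optional[Tuple[str, int]]:
        """Return the inside (ip, port) for an inbound packet, or None if unmapped."""
        for r in self.rules:
            public = r.bound_address or self.interface_addr.get(r.bound_interface or "")
            if (r.proto, public, r.public_port) == (proto, dst_ip, dst_port):
                return r.inside
        return None  # nothing explicitly mapped: not forwarded inside

def demo() -> Dict[str, Optional[Tuple[str, int]]]:
    # Constructed sample data: documentation and RFC 1918 addresses.
    box = NatBox()
    box.lease("wan0", "203.0.113.10")
    box.rules = [
        PortForward("tcp", 80, ("192.168.1.10", 80), bound_interface="wan0"),
        PortForward("tcp", 25, ("192.168.1.20", 25), bound_address="203.0.113.10"),
    ]
    before = {
        "web_before": box.translate("tcp", "203.0.113.10", 80),
        "mail_before": box.translate("tcp", "203.0.113.10", 25),
    }
    box.lease("wan0", "203.0.113.77")  # provider hands out a new address
    after = {
        "web_after": box.translate("tcp", "203.0.113.77", 80),
        "mail_after": box.translate("tcp", "203.0.113.77", 25),  # stale literal rule
        "ssh_after": box.translate("tcp", "203.0.113.77", 22),   # never mapped
    }
    return {**before, **after}

if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

After the address change only the interface-bound mapping still forwards; the rule pinned to the old literal address silently stops matching, and a port with no mapping is never forwarded in either case.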

