Re: Fw1, NAT or router problem ?

From: Chris (never@work)
Date: 03/19/03


From: "Chris" <never@work>
Date: Wed, 19 Mar 2003 22:57:21 -0000


"Jacco Tunnissen" <jacco@honeypots.net> wrote in message
news:gflh7v0qsb05koajsu4ren7lca0lhmcrie@4ax.com...
> On Wed, 19 Mar 2003 20:20:39 GMT, "Don Kelloway"
> <dkelloway@commodon.com> wrote:
>
> >Proxy ARP is *not always* necessary which is what I'm taking exception with.
>
> I've described just one scenario (didn't know the exact problem of the
> original poster either, so let's see). Nowhere have I disagreed with
> you that there are other scenarios possible, or told the group that
> this was the only possible solution.
>
> I suggest that we await further details from Tessai - if any.
>
> Jacco Tunnissen
> --
> http://www.honeypots.net/
> Intrusion Detection Systems,
> Honeypots, Incident Response

In the case that has been described where the web server has a private
RFC1918 address on a private LAN on the DMZ leg of the firewall where
Firewall-1 is providing a static NAT translation to that web server, proxy
ARP is needed. It will not work without it. This is the function of the
local.arp file on FW-1, to map all translated IPs (static mappings) to the
MAC address of the external card.

Maybe Tessai could explain the exact problem in a little more detail?

Chris.


