[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] RE: [FW1] Hide NAT question
Good point Andrew.... try to use another IP address if possible (and just have the FW arp for that IP via $FWDIR/state/local.arp (on NT) or via arp cmd (on SUN)... If you use your fw's external IP, you will have some packets/connections initiated back to the fw, cluttering your logs, and depending on the number of these attemps, may make it harder to distinguish between valid requests and actual attacks/survailance techniques... :) -----Original Message----- From: Andrew Bagrin [mailto:[email protected]] Sent: Friday, December 29, 2000 10:12 AM To: Rodney Lacroix; [email protected] Subject: Re: [FW1] Hide NAT question You can use any IP address. I wouldn't use the firewalls external interface. If no one knows the IP address of your firewall then you've got a better chance of it not being attacked. Andrew Bagrin Secure-1www.secure-1.com ----- Original Message ----- From: Rodney Lacroix <[email protected]> To: <[email protected]> Sent: Friday, December 29, 2000 7:34 AM Subject: [FW1] Hide NAT question > > When hiding an internal network, is there a standard for the IP address you should hide the network behind? I assume that you hide it behind the firewall's external IP address. However, does that lead to unwanted traffic direct to the firewall from the Internet? > > Thanks in advance. > > Rodney Lacroix > > > > ============================================================================ ==== > To unsubscribe from this mailing list, please see the instructions at > http://www.checkpoint.com/services/mailing.html > ============================================================================ ==== ============================================================================ ==== To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ============================================================================ ==== ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|