NETWORK PRESENCE ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT
 


Search
display results
words begin  exact words  any words part 

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [FW1] Problems with ftp



The DMZ machines are using static NAT, the internal 10-Net ones are using hide NAT. I'm not sure how to tell if the NAT is occurring between the DMZ and 10-net... I assumed it was universal, and therefore added the NAT address into the anti-spoofing rules on the interface. Well, maybe not quite "assumed", things quit working until I added the NAT addresses in :-)
 
As for the necessity, I don't think it is, but I inherited the firewall setup as is. Whether it was configured this way due to necessity or not is unknown to me. I've been tightening up the rulebase one thing at a time and seeing what breaks. I added the anti-spoofing on the interfaces and what broke was the access to the ftp servers from inside the 10-net.
 
Regards,
Jim
-----Original Message-----
From: CryptoTech [mailto:[email protected]]
Sent: Friday, February 09, 2001 9:50 AM
To: Gadrow, Jim
Cc: 'Ken McKinlay'; '[email protected]'
Subject: Re: [FW1] Problems with ftp

Jim,
Two questions:
Is nat occurring between the DMZ and the internal net, if so, is this really necessary?
Second question, are you using static or hide nat for the client connections?

Regards,
CryptoTech



 
----------------------------------

ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT SITE MAP LEGAL
   All contents © 2004 Network Presence, LLC. All rights reserved.