RE: [FW1] Problems with ftp
The DMZ machines are using static NAT, the internal 10-Net ones are using hide NAT.
I'm not sure how to tell if the NAT is occurring between the DMZ and 10-net... I
assumed it was universal, and therefore added the NAT address into the
anti-spoofing rules on the interface. Well, maybe not quite "assumed", things
quit working until I added the NAT addresses in :-)
As for the necessity, I don't think it is, but I inherited the firewall setup as
is. Whether it was configured this way due to necessity or not is unknown to me.
I've been tightening up the rulebase one thing at a time and seeing what breaks.
I added the anti-spoofing on the interfaces and what broke was the access
to the ftp servers from inside the 10-net.
Regards,
Jim
Jim,
Two questions: Is NAT occurring between the DMZ and the internal net? If so, is this really necessary? Second question, are you using static or hide NAT for the client connections?
Regards,