[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re:RE: [FW1] Anti-spoofing
On Windows NT firewall engine, be sure that "enable IP routing" is checked. Thank you, Cathy Tebo Federal Home Loan Bank of Chicago Technical Security [email protected] ____________________Reply Separator____________________ Subject: RE: [FW1] Anti-spoofing Author: "Roelandts Guy" <[email protected]> Date: 7/27/01 8:55 AM Josh, What is the problem ? We have an Nt box with 5 interfaces, 4 of them are in use without problems ... Met vriendelijke groeten - Bien à vous - Kind regards Guy ROELANDTS EMEA GS Internet Expertise Centre Compaq Software Engineer - Belgium E-mail : [email protected] <mailto:[email protected]> Tel: +32(02)729.77.44 (options 3 - 3 - 1) Fax: +32(02)729.77.65 -----Original Message----- From: Josh Medina [mailto:[email protected]] Sent: Thursday, July 26, 2001 10:14 PM To: [email protected] Cc: [email protected] Subject: RE: [FW1] Anti-spoofing This raises a question for me. I am attempting to run three interfaces on my NT checkpoint fw-1 SP3 box, in the same configuration (internal, external, DMZ). but apparently NT can not route between three NICs, is this something I have to run a UNIX, or Sun box for ? ...what about windows 2000 advanced server? -----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of Don Leeper Sent: July 25, 2001 9:53 AM To: '[email protected]' Cc: '[email protected]' Subject: [FW1] Anti-spoofing I was wondering if someone could give me your input on anti-spoofing. I have 3 interfaces on my FW: DMZ 192.168.2.1 External 63.64.1.1 Internal 192.168.1.1 I have a DNS server and web server sitting on the DMZ. Which needs to be open to the public. I have my email server and one web server on the Internal. They need to be accessible to the public as well. All addresses that are for the public are nated. Could someone tell me how you would set up the anti-spoofing on the FW that won't affect my setup but protect me? I noticed in my logs that someone was trying to get in using private addresses. Thanks for your help in advance. (I did look it up but I think its better to hear how others do it!) Kind of confusing.... Donnie Leeper <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"> <HTML><HEAD> <META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1"> <TITLE>Message</TITLE> <XETA HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1"><XETA CONTENT="MS Exchange Server version 5.5.2652.35" NAME="Generator"> <META content="MSHTML 5.50.4611.1300" name=GENERATOR></HEAD> <BODY> <DIV><SPAN class=2001><FONT face=Arial color=#0000ff size=2>Josh,</FONT></SPAN></DIV> <DIV><SPAN class=2001><FONT face=Arial color=#0000ff size=2></FONT></SPAN> </DIV> <DIV><SPAN class=2001><FONT face=Arial color=#0000ff size=2> What is the problem ? We have an Nt box with 5 interfaces, 4 of them are in use without problems ...</FONT></SPAN></DIV> <P><I><FONT face="Times New Roman" size=2>Met vriendelijke groeten - Bien à vous - Kind regards</FONT></I></P> <P><I><FONT face="Times New Roman" size=2>Guy ROELANDTS</FONT></I><BR><I><FONT face="Times New Roman" size=2>EMEA GS Internet Expertise Centre</FONT></I><BR><I><FONT face="Times New Roman" size=2>Compaq Software Engineer - Belgium</FONT></I><BR><FONT face=Garamond color=#000080 size=1>E-mail : <A href="mailto:[email protected]">[email protected]</A></FONT><BR><F ONT face=Garamond color=#000080 size=1>Tel: +32(02)729.77.44 (options 3 - 3 - 1)</FONT><BR><FONT face=Garamond color=#000080 size=1>Fax: +32(02)729.77.65</FONT></P> <BLOCKQUOTE dir=ltr style="MARGIN-RIGHT: 0px"> <DIV class=OutlookMessageHeader dir=ltr align=left><FONT face=Tahoma size=2>-----Original Message-----<BR><B>From:</B> Josh Medina [mailto:[email protected]]<BR><B>Sent:</B> Thursday, July 26, 2001 10:14 PM<BR><B>To:</B> [email protected]<BR><B>Cc:</B> [email protected]<BR><B>Subject:</B> RE: [FW1] Anti-spoofing<BR><BR></FONT></DIV> <DIV> </DIV> <DIV align=left><FONT face=Arial size=2><SPAN class=2001>This raises a question for me. I am attempting to run three interfaces on my NT checkpoint fw-1 SP3 box, in the same configuration (internal, external, DMZ). but apparently NT can not route between three NICs, is this something I <U>have</U> to run a UNIX, or Sun box for ? ...what about windows 2000 advanced server?</SPAN></FONT></DIV> <BLOCKQUOTE style="MARGIN-RIGHT: 0px"> <DIV></DIV> <DIV class=OutlookMessageHeader lang=en-us dir=ltr align=left><FONT face=Tahoma size=2>-----Original Message-----<BR><B>From:</B> [email protected] [mailto:[email protected]] <B>On Behalf Of </B>Don Leeper<BR><B>Sent:</B> July 25, 2001 9:53 AM<BR><B>To:</B> '[email protected]'<BR><B>Cc:</B> '[email protected]'<BR><B>Subject:</B> [FW1] Anti-spoofing<BR><BR></FONT></DIV> <P><FONT face=Arial size=2>I was wondering if someone could give me your input on anti-spoofing. I have 3 interfaces on my FW:</FONT> <BR><FONT face=Arial size=2>DMZ 192.168.2.1</FONT> <BR><FONT face=Arial size=2>External 63.64.1.1</FONT> <BR><FONT face=Arial size=2>Internal 192.168.1.1</FONT> <BR><FONT face=Arial size=2>I have a DNS server and web server sitting on the DMZ. Which needs to be open to the public. </FONT><BR><FONT face=Arial size=2>I have my email server and one web server on the Internal. They need to be accessible to the public as well. All addresses that are for the public are nated. Could someone tell me how you would set up the anti-spoofing on the FW that won't affect my setup but protect me? I noticed in my logs that someone was trying to get in using private addresses. Thanks for your help in advance. (I did look it up but I think its better to hear how others do it!) Kind of confusing....</FONT></P><BR><BR><BR> <P><FONT face=Arial color=#800000 size=2>Donnie Leeper</FONT> </P></BLOCKQUOTE></BLOCKQUOTE></BODY></HTML> ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|