
[FW-1] Anti-Spoofing and ARP'd/NAT'd hosts



Hi all

Platform: Solaris VPN-1 SP5

I have Anti-spoofing installed, but am having a few problems with the
ARP/NAT'd hosts and was wondering if someone can help. Yes, I have read the
phoneboy spoofing stuff, but it doesn't mention anything about ARP/NAT'd
hosts.

I have a three-legged firewall (LAN/DMZ/External - subnets have been changed
to protect the not-so-innocent).

    External - 10.0.1.0/24

    DMZ - 10.0.2.0/24

    LAN - 10.0.3.0/24 (with other subnets via WAN)

According to the Phoneboy article, the Anti-Spoofing setup should be:

    External - Others

    DMZ - This Net

    LAN - Specific (group containing all internal subnets)


Now, from what I can see, for the ARP'd/NAT'd DMZ hosts I have to change the
external interface anti-spoof setup to be:

    External - Others + <a group with the ARP'd/NAT'd addresses>

If so, do I include the pre-NAT or post-NAT addresses for those hosts? (i.e.,
is NAT done before or after the anti-spoof check?)

Any help with this would be greatly appreciated (as always!)

--

Steve

-------------------------------------------------
Steve Loughran, Network Infrastructure Manager
Sony Computer Entertainment Europe (Cambridge)
Home Page -> http://sl.scee.sony.co.uk/
Yamaha YZF1000R Thunderace
ICQ#: 12666311 (Work), 104426046 (Laptop)
Team Waste - Where do you want to go wrong today?

   All contents © 2004 Network Presence, LLC. All rights reserved.