
[FW-1] Re: [FW-1] NAT and "too many internal hosts"



Reed,

Yes, I have checked this. Please note that normally only the "real" internal
addresses 10.197.6.x will be counted.
I have double-checked this.
But as I describe below, ONLY if a packet arrives from the internet with
destination internal MX server, the firewall routes this packet (via OS
routing!) from the official IP address to the internal address AND AFTER THIS the
firewall will NAT the source IP address. Because this source address is NOT
part of the internal IP address range, that means this is a new host, and the counter
will be increased!

Example: the first line indicates the traffic from the internet to the internal MX
server; the foreign source IP address will be counted, i.e. 195.252.173.141
(instead of all the other entries 10.197.6.x).
xx.yy.zz.66 = NATed IP address of the internal MX server

fwtest[admin]# fw lichosts
eth- 7/2/2002 16:51> host:141.173.252.195 src:195.252.173.141 dst:xx.yy.zz.66 proto:tcp sport:1069 dport:pop-3
eth- 7/2/2002 16:53> host:160.6.197.10 src:10.197.6.160 dst:64.200.168.10 proto:tcp sport:1308 dport:http
eth- 7/2/2002 16:53> host:2.6.197.10 src:10.197.6.2 dst:10.192.11.81 proto:udp sport:snmp dport:4296
eth- 7/2/2002 16:53> host:1.6.197.10 src:10.197.6.1 dst:192.168.20.229 proto:udp sport:4869 dport:snmp
eth- 7/2/2002 16:54> host:170.6.197.10 src:10.197.6.170 dst:64.12.161.153 proto:tcp sport:1309 dport:AOL
eth- 7/2/2002 17:24> host:165.6.197.10 src:10.197.6.165 dst:151.164.1.8 proto:udp sport:1048 dport:domain-udp
eth- 7/2/2002 17:28> host:150.6.197.10 src:10.197.6.150 dst:151.164.171.7 proto:udp sport:1029 dport:domain-udp
<snip>

Michael


> ----------
> From:  Reed Mohn, Anders[SMTP:[email protected]]
> Reply to:   Mailing list for discussion of Firewall-1
> Sent:     Monday, February 11, 2002 10:49 AM
> To:   [email protected]
> Subject:      Re: [FW-1] NAT and "too many internal hosts"
>
> > -----Original Message-----
> > From: "Süß, Michael" [mailto:[email protected]]
> > Sent: 11 February 2002 09:42
> > To: [email protected]
> > Subject: [FW-1] NAT and "too many internal hosts"
> >
> >
> > Situation: Firewall box with 25 user license. 10 internal
> > hosts (PCs and servers):
> > One internal server (email) is NATted to an official IP
> > address, so that it is reachable from the internet.
> > All works fine, but...
> > if someone from the internet connects to the email server via the NATted
> > official IP address, the internal host counter on the firewall will be
> > increased !!!!
>
>
> Have you specified the correct external interface in the configuration?
> If FW-1 knows which interface you have as "External", it will not count
> addresses "belonging to" that interface as internal addresses.
> Have you checked the file EXTERNAL.IF?
>
>
> > (note: we licensed the external interface directed to the internet!)
>
> This should not make a difference. This is the recommended practice,
> but many, including myself, have licensed the internal interface, with no
> trouble at all.
>
> > This means all the external official source IP addresses will
> > be seen on my INTERNAL interface and the counter will be increased.
>
>
> What makes you say that?
>
> Remember that the FW will see this as a source of a packet coming to the
> internal network from another network, it won't see it as a source address
> from that internal interface.
>
> It's what you designate as the external interface, that matters.
>
> Cheers,
> Anders :)
>
> =================================================
> To set vacation, Out Of Office, or away messages,
> send an email to [email protected]
> in the BODY of the email add:
> set fw-1-mailinglist nomail
> =================================================
> To unsubscribe from this mailing list,
> please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> =================================================
> If you have any questions on how to change your
> subscription options, email
> [email protected]
> =================================================
>

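As an added example (not part of this thread, and not Check Point's own tooling), the following Python script parses records in the format that the `fw lichosts` output above uses and reports which counted addresses fall outside the declared internal networks, so that a foreign source address being counted against the license, as described in the message, shows up immediately rather than only as a "too many internal hosts" message. The sample records are constructed from the thread's output, with the masked xx.yy.zz.66 replaced by an RFC 5737 documentation address; the regular expression and the function names are my own assumptions about the format, not a documented Check Point interface.

```python
import ipaddress
import re

# Constructed sample in the format shown by "fw lichosts" in the thread.
# Each record is on one line; the masked destination xx.yy.zz.66 is replaced
# with the documentation address 203.0.113.66.
SAMPLE = """\
eth- 7/2/2002 16:51> host:141.173.252.195 src:195.252.173.141 dst:203.0.113.66 proto:tcp sport:1069 dport:pop-3
eth- 7/2/2002 16:53> host:160.6.197.10 src:10.197.6.160 dst:64.200.168.10 proto:tcp sport:1308 dport:http
eth- 7/2/2002 16:53> host:2.6.197.10 src:10.197.6.2 dst:10.192.11.81 proto:udp sport:snmp dport:4296
eth- 7/2/2002 16:53> host:1.6.197.10 src:10.197.6.1 dst:192.168.20.229 proto:udp sport:4869 dport:snmp
eth- 7/2/2002 16:54> host:170.6.197.10 src:10.197.6.170 dst:64.12.161.153 proto:tcp sport:1309 dport:AOL
eth- 7/2/2002 17:24> host:165.6.197.10 src:10.197.6.165 dst:151.164.1.8 proto:udp sport:1048 dport:domain-udp
eth- 7/2/2002 17:28> host:150.6.197.10 src:10.197.6.150 dst:151.164.171.7 proto:udp sport:1029 dport:domain-udp
"""

# Assumed record layout (derived from the sample, not from documentation):
# <iface> <date> <time>> host:<h> src:<s> dst:<d> proto:<p> sport:<sp> dport:<dp>
RECORD = re.compile(
    r"^(?P<iface>\S+)\s+(?P<date>\S+)\s+(?P<time>[^>\s]+)>\s+"
    r"host:(?P<host>\S+)\s+src:(?P<src>\S+)\s+dst:(?P<dst>\S+)\s+"
    r"proto:(?P<proto>\S+)\s+sport:(?P<sport>\S+)\s+dport:(?P<dport>\S+)\s*$"
)


def parse_lichosts(text):
    """Parse lichosts-style output into a list of dicts, skipping lines
    (prompt, <snip>, blanks) that do not match the record layout."""
    records = []
    for line in text.splitlines():
        m = RECORD.match(line.strip())
        if m:
            records.append(m.groupdict())
    return records


def host_matches_src(rec):
    """In the thread's output the host: field is the src address with its
    octets in reverse order; return True when a record satisfies that."""
    reversed_host = ".".join(rec["host"].split(".")[::-1])
    return reversed_host == rec["src"]


def audit_counted_hosts(text, internal_nets):
    """Classify every distinct counted src address as internal (inside one of
    the given prefixes) or foreign. Foreign entries are the ones that consume a
    license slot without being an internal host."""
    nets = [ipaddress.ip_network(n) for n in internal_nets]
    seen = {}
    for rec in parse_lichosts(text):
        if rec["src"] in seen:
            continue  # lichosts lists each host once, but be defensive
        addr = ipaddress.ip_address(rec["src"])
        seen[rec["src"]] = any(addr in n for n in nets)
    internal = sorted(a for a, ok in seen.items() if ok)
    foreign = sorted(a for a, ok in seen.items() if not ok)
    return {"counted": len(seen), "internal": internal, "foreign": foreign}


if __name__ == "__main__":
    report = audit_counted_hosts(SAMPLE, ["10.197.6.0/24"])
    print(f"counted hosts: {report['counted']}")
    print(f"internal     : {len(report['internal'])}")
    for addr in report["foreign"]:
        print(f"FOREIGN address counted against license: {addr}")
```

Run it against saved `fw lichosts` output with the site's real internal prefixes in place of 10.197.6.0/24; any address printed as FOREIGN is a candidate for the misrouting-before-NAT case discussed in the thread and is worth comparing with the interface that EXTERNAL.IF designates.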