[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [FW-1] NAT first or Route first?
Rajeev (and the folks who emailed me), thanks a bunch. With this info in mind and the Phoneboy FAQ page at http://www.phoneboy.com/faq/0147.html we managed to diagram exactly what we're seeing and it makes sense (even if routing before NAT seems counterintuitive). -Russ -----Original Message----- From: Rajeev Kumar [mailto:[email protected]] Sent: Wednesday, February 20, 2002 9:15 AM To: [email protected] Subject: Re: [FW-1] NAT first or Route first? In 4.1, NAT happens when packet leaves FW-1 interface (for Client ->Server) , whereas for return packets (Server->Client) it happens at receiving interface . So routing and policy check happen before that. You need to define routes for your private IP address explicitly in some cases. Rajeev On Wednesday 20 February 2002 11:01, Russell Washington wrote: > Question for the masses: On FW-1 v4.1, running on Windows NT 4.0, > which gets done first: NAT or OS routing? I can't see how you can do > routing first (since the source or destination of the packet may > change during NAT), but I have an odd situation on my hands suggesting > that the NAT is being done afterwards. > > Any insight would be appreciated... > > ================================================= > To set vacation, Out Of Office, or away messages, > send an email to [email protected] > in the BODY of the email add: > set fw-1-mailinglist nomail > ================================================= > To unsubscribe from this mailing list, > please see the instructions at > http://www.checkpoint.com/services/mailing.html > ================================================= > If you have any questions on how to change your > subscription options, email > [email protected] > ================================================= -- ******************************************************************** Rajeev Kumar ([email protected]) http://www.rajeevnet.com ******************************************************************** -- PGP PUBLIC KEY -- http://www.rajeevnet.com/crypto/mypubkey ******************************************************************** What's New on rajeevnet.com: o Unix/Windows password Sync: http://www.rajeevnet.com/linux/passwd_sync/passwd_sync.html o Wonders of 'dd' and 'netcat' :: Cloning Operating Systems http://www.rajeevnet.com/tips_hints/os_clone/os_cloning.html ******************************************************************** ================================================= To set vacation, Out Of Office, or away messages, send an email to [email protected] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [email protected] ================================================= ================================================= To set vacation, Out Of Office, or away messages, send an email to [email protected] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [email protected] =================================================
|