NETWORK PRESENCE ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT
 


Search
display results
words begin  exact words  any words part 

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [FW-1] NAT first or Route first?



Rajeev (and the folks who emailed me), thanks a bunch.  With this info in
mind and the Phoneboy FAQ page at http://www.phoneboy.com/faq/0147.html we
managed to diagram exactly what we're seeing and it makes sense (even if
routing before NAT seems counterintuitive).

-Russ

-----Original Message-----
From: Rajeev Kumar [mailto:[email protected]]
Sent: Wednesday, February 20, 2002 9:15 AM
To: [email protected]
Subject: Re: [FW-1] NAT first or Route first?


In 4.1, NAT happens when packet leaves FW-1 interface (for Client ->Server)
, whereas for return packets (Server->Client) it happens at receiving
interface . So routing and policy check happen before that. You need to
define routes for your private IP address explicitly in some cases.

Rajeev



On Wednesday 20 February 2002 11:01, Russell Washington wrote:
> Question for the masses:  On FW-1 v4.1, running on Windows NT 4.0,
> which gets done first: NAT or OS routing?  I can't see how you can do
> routing first (since the source or destination of the packet may
> change during NAT), but I have an odd situation on my hands suggesting
> that the NAT is being done afterwards.
>
> Any insight would be appreciated...
>
> =================================================
> To set vacation, Out Of Office, or away messages,
> send an email to [email protected]
> in the BODY of the email add:
> set fw-1-mailinglist nomail
> =================================================
> To unsubscribe from this mailing list,
> please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> =================================================
> If you have any questions on how to change your
> subscription options, email
> [email protected]
> =================================================

--
********************************************************************
        Rajeev Kumar ([email protected])
                http://www.rajeevnet.com
********************************************************************
-- PGP PUBLIC KEY -- http://www.rajeevnet.com/crypto/mypubkey
********************************************************************
What's New on rajeevnet.com:
o Unix/Windows password Sync:
    http://www.rajeevnet.com/linux/passwd_sync/passwd_sync.html
o Wonders of 'dd' and 'netcat' :: Cloning Operating Systems
    http://www.rajeevnet.com/tips_hints/os_clone/os_cloning.html
********************************************************************

=================================================
To set vacation, Out Of Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================

=================================================
To set vacation, Out Of Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================



 
----------------------------------

ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT SITE MAP LEGAL
   All contents © 2004 Network Presence, LLC. All rights reserved.