Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [FW-1] problems with DMZ and NAT

To: [email protected]
Subject: Re: [FW-1] problems with DMZ and NAT
From: "Reed Mohn, Anders" <[email protected]>
Date: Tue, 26 Feb 2002 09:36:15 +0100
Reply-to: Mailing list for discussion of Firewall-1 <[email protected]>
Sender: Mailing list for discussion of Firewall-1 <[email protected]>

That's right. You can't. It's supposed to be that way.

I'm not completely sure, but I think this is what happens:

web1(private addr) pings web2(public addr)

fw translates this to

web1(private addr) pings web2(private addr)

web2(private addr) replies to web1(private addr)

web1 expects answer from web2(public addr) so

it just ignores that reply.

You have two possible solutions:

1. Set up DNS-records so that these servers

alway use the internal addresses.

2. Add a NAT-rule on top of the "public" address NAT-rules,

that says DMZ to DMZ --> orig orig, to avoid any NAT happening at all.

Cheers,

Anders :)

-----Original Message-----
From: Hector G. Perez Cadena [mailto:[email protected]]
Sent: 25. februar 2002 20:28
To: [email protected]
Subject: [FW-1] problems with DMZ and NAT

`-------------------------------------------------------------------------------'

Prev by Date: [FW-1] Session Agent and SSL
Next by Date: Re: [FW-1] IP POOL for SecuRemote connection with client side NAT Fails
Previous by thread: [FW-1] how to block streaming in Firewall -1
Next by thread: Re: [FW-1] IP POOL for SecuRemote connection with client side NAT Fails
Index(es):
- Date
- Thread