
Re: [FW-1] NAT of snmp packets

You've got "leaky NAT".  Check Point has an internal bug ID on this one for 4.1; has anyone seen leaky NAT on NG?  A common workaround is to use manual NAT rules.  If you are already using manual NAT rules, you may be out of luck.  Re-installing the policy often fixes this, but no guarantees (and that's no way to have to manage a firewall).

Since the source/dest here for snmp is a low port, you can force a high source port translation for this traffic by adding the following lines to /etc/system.  NOTE: don't even try this unless everything else fails.  This may or may not solve the issue, and requires a reboot of your firewall:

set fw:fwx_udp_hide_high=0xa1
set fw:fwx_udp_hide_high=0xa2

(the "a1" and "a2" are hexadecimal for 161 and 162)

Best wishes,

Dan Hitchcock
CCNP, CCSE, MCSE
Security Operations Technical Lead
Breakwater Security Associates, Inc.
"Safe Harbor for E-Business"
dhitchcock (at) breakwatersecurity (dot) com
http://www.breakwatersecurity.com

The information contained in this email message may be privileged, confidential and protected from disclosure.  If you are not the intended recipient, any dissemination, distribution or copying is strictly prohibited.  If you think you have received this email message in error, please email the sender at dhitchcock (at) breakwatersecurity (dot) com


-----Original Message-----
From: Rafael Vida [mailto:[email protected]]
Sent: Thursday, April 11, 2002 6:29 AM
To: [email protected]
Subject: Re: [FW-1] NAT of snmp packets


It is doing static NAT.
This is the situation: a snoop on the internal host. Its public IP is
213.69.69.69

njtmrro1 -> 213.69.69.69 UDP D=162 S=161 LEN=99
njtmrro1 -> 213.69.69.69  UDP D=162 S=161 LEN=153
njtmrro1 -> gesti     UDP D=162 S=161 LEN=99
njtmrro1 -> gesti     UDP D=162 S=161 LEN=153


gesti is the internal IP, and 213.69.69.69 the external (NAT) IP.
Approximately 60% of the snmp packets are NATed, but the other 40%
are not NATed; the firewall accepts and redirects these packets without
problem.


njtmrro1  ============================>  Firewall  =======================================>  gesti
           snmp packets (traps) to 213.69.69.69          NAT or not NAT? that's the question        IP=192.168.1.4

We have Firewall-1 4.1 SP5 on Solaris 7
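A way to quantify the symptom described above from a snoop capture, as an added example that is not part of this thread: the parser handles the snoop UDP summary format quoted in the post, and the sample lines are constructed (the four from the post plus two more). On either side of a static NAT, all traps of one flow should show a single destination form; a mix in one capture is the inconsistency being reported.

```python
import re
from collections import Counter

# Snoop summary line format as quoted in the thread:
#   "<src> -> <dst> UDP D=<dport> S=<sport> LEN=<bytes>"
SNOOP_RE = re.compile(
    r"^(?P<src>\S+)\s+->\s+(?P<dst>\S+)\s+UDP\s+"
    r"D=(?P<dport>\d+)\s+S=(?P<sport>\d+)\s+LEN=(?P<len>\d+)"
)


def parse_snoop(text):
    """Parse snoop UDP summary lines into dicts; non-matching lines are skipped."""
    records = []
    for line in text.splitlines():
        m = SNOOP_RE.match(line.strip())
        if m:
            rec = m.groupdict()
            for key in ("dport", "sport", "len"):
                rec[key] = int(rec[key])
            records.append(rec)
    return records


def trap_destinations(text, port=162):
    """Count packets to `port` (SNMP traps by default) by the destination they
    were captured with.  Returns (counts, shares, mixed): `mixed` is True when
    more than one destination form appears, i.e. translation is inconsistent
    ("leaky NAT") rather than applied to every packet or to none."""
    counts = Counter(r["dst"] for r in parse_snoop(text) if r["dport"] == port)
    total = sum(counts.values())
    shares = {dst: n / total for dst, n in counts.items()} if total else {}
    return counts, shares, len(counts) > 1


# Constructed sample: the four lines from the post, one more trap, one non-trap.
SAMPLE = """\
njtmrro1 -> 213.69.69.69 UDP D=162 S=161 LEN=99
njtmrro1 -> 213.69.69.69  UDP D=162 S=161 LEN=153
njtmrro1 -> gesti     UDP D=162 S=161 LEN=99
njtmrro1 -> gesti     UDP D=162 S=161 LEN=153
njtmrro1 -> 213.69.69.69 UDP D=162 S=161 LEN=120
njtmrro1 -> gesti     UDP D=53 S=53 LEN=60
"""

if __name__ == "__main__":
    counts, shares, mixed = trap_destinations(SAMPLE)
    for dst, n in counts.items():
        print(f"{dst:>14}: {n} traps ({shares[dst]:.0%})")
    print("inconsistent translation" if mixed else "translation consistent")
```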




   All contents © 2004 Network Presence, LLC. All rights reserved.