
Re: [FW-1] Connection contains real IP address of NAT'ed IP



Does the session still work?  Have you checked to see if those packets are
really being sent by the endstations?  It does not sound normal to have both
the nat'ed packet and the non-nat'ed simultaneously.


----- Original Message -----
From: "Neil De La Cruz, CISSP" <[email protected]>
To: <[email protected]>
Sent: Friday, October 11, 2002 4:24 PM
Subject: Re: [FW-1] Connection contains real IP address of NAT'ed IP


> One of my customers is experiencing the same error message on a simpler
> configuration when the OWA box on the DMZ tries to authenticate with the
> internal PDC.
>
> This has been working fine, and no changes have been made. The log entries
> look like this:
>
> action-ACCEPT, service-NBDATAGRAM, source-OWA, dest-PDC
> action-ACCEPT, service-NBDATAGRAM, source-OWA, dest-EXCHANGE
> action-DROP, service-NBDATAGRAM, source-OWA, dest-PDC, message_info
> Connection contains real IP of NATed address.
>
> All other NB services are accepting ok. I do not get the ICMP error that
> Mark is getting, however.
>
> FW is running NG/FP2 on W2KS/SP3. OWA logs onto NT4 domain. Exchange is
> running 5.5 SP3.
>
> Any help would be greatly appreciated.
>
> Regards,
>
> Neil De La Cruz
> CISSP, CCSE/CCSA, MCSE, CCNA
> Managing Consultant
> Applied Network Systems, Inc.
>
> -----Original Message-----
> From: Mailing list for discussion of Firewall-1
> [mailto:[email protected]]On Behalf Of Mark
> William Lane
> Sent: Wednesday, October 09, 2002 11:51 AM
> To: [email protected]
> Subject: [FW-1] Connection contains real IP address of NAT'ed IP
>
>
>
> Hi guys,
>
> We are an MSP who is having a weird problem on one of our customer
> firewalls.  Everything was fine with NAT and the way the firewall
> worked until it was upgraded to NG - what a shock right?  The reason
> for the upgrade was that the customer needs 2 external interfaces.
>
> Here is the problem:
>
> IP 330 running IPSO 3.5, 25 IP NG FP2 VPN-1 Pro.  Static route in
> place and manual NAT rules.
>
> Load balancer tries to make a TFTP connection going out for backup
> purposes.  Connection is accepted.  Right after that, we get 2 drops,
> one that states "Connection contains real IP address of NAT'ed IP" on
> the data port for the TFTP and the other an ICMP type 3, code 3 with
> the same message.
>
> I have checked the mailing lists, phoneboy, and secure knowledge.
> Only thing I could find was an old email that was apparently never
> answered around FW 4.0.
>
> Any help would be GREATLY appreciated.
>
> Mark William Lane
> Dipl.-Inform.(FH)
> Installation & Implementation Manager
> CCSA/CCSE-2000, CCSA/CCSE-NG
>
> SNC Secure Networking Company AG
> Making the Internet Secure for You!
>
> [email protected]
> Tel.: +49 (0)6152-9791-71
> Fax: +49 (0)6152-9791-99
> www.securenetworking.de
>
> PGP Fingerprint:
> 9B45 52D7 FCBD B0AA 21E0 1223 DEBF 25E8 3321 4EB1
>
> - - - --------------
> Confidential Information may be contained in this message.  If you
> are not the addressee indicated in this message (or responsible for
> delivery of the message to such person), you may not copy or deliver
> this message to anyone.
> In such case, you should destroy this message and kindly notify the
> sender by reply email. Please advise immediately if you or your
> employer does not consent to Internet email for messages of this
> kind.  Opinions, conclusions and other information in this message
> that do not relate to the official business of my firm shall be
> understood as neither given nor endorsed by it.
>
> =================================================
> To set vacation, Out Of Office, or away messages,
> send an email to [email protected]
> in the BODY of the email add:
> set fw-1-mailinglist nomail
> =================================================
> To unsubscribe from this mailing list,
> please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> =================================================
> If you have any questions on how to change your
> subscription options, email
> [email protected]
> =================================================