[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [FW-1] NAT on interface of Firewall NG

To: [email protected]
Subject: Re: [FW-1] NAT on interface of Firewall NG
From: Dan Hitchcock <[email protected]>
Date: Tue, 25 Jun 2002 09:44:24 -0700
Reply-To: Mailing list for discussion of Firewall-1 <[email protected]>
Sender: Mailing list for discussion of Firewall-1 <[email protected]>

Title: RE: [FW-1] NAT on interface of Firewall NG

Please forgive me if this is ignorant, but did NG somehow implement the ability to statically NAT the firewall's real IP? This was, of course, not doable in 4.1, which I understood to be more a limitation of the underlying operating system than the firewall itself. Please advise...

In any case, the goal can certainly be achieved by using a public IP other than the firewall's external address, then doing the route/arp/nat dance (or, client-side NAT in NG) to achieve the desired result.

A word of warning: do you really want Notes-type traffic passing in cleartext across the network? I'd submit that the answer is "no," especially if that network is the Internet (I'm not clear on that from the original post).

HTH

Dan Hitchcock

Prev by Date: Re: [FW-1] NAT on interface of Firewall NG
Next by Date: Re: [FW-1] VPN Pool NAT
Prev by thread: Re: [FW-1] NAT on interface of Firewall NG
Next by thread: Re: [FW-1] NAT on interface of Firewall NG
Index(es):
- Date
- Thread