[prev in list] [next in list] [prev in thread] [next in thread]
List: firewall-1
Subject: RE: [FW1] Hide NAT question
From: Amin Tora <Amin () EPLUS ! com>
Date: 2000-12-31 2:32:22
[Download RAW message or body]
Good point Andrew.... try to use another IP address if possible (and just
have the FW arp for that IP via $FWDIR/state/local.arp (on NT) or via arp
cmd (on SUN)...
If you use your fw's external IP, you will have some packets/connections
initiated back to the fw, cluttering your logs, and depending on the number
of these attemps, may make it harder to distinguish between valid requests
and actual attacks/survailance techniques...
:)
-----Original Message-----
From: Andrew Bagrin [mailto:andrewb@secure-1.com]
Sent: Friday, December 29, 2000 10:12 AM
To: Rodney Lacroix; fw-1-mailinglist@lists.us.checkpoint.com
Subject: Re: [FW1] Hide NAT question
You can use any IP address. I wouldn't use the firewalls external interface.
If no one knows the IP address of your firewall then you've got a better
chance of it not being attacked.
Andrew Bagrin
Secure-1
865-803-2748
www.secure-1.com
----- Original Message -----
From: Rodney Lacroix <RLACROIX@velcro.com>
To: <fw-1-mailinglist@lists.us.checkpoint.com>
Sent: Friday, December 29, 2000 7:34 AM
Subject: [FW1] Hide NAT question
>
> When hiding an internal network, is there a standard for the IP address
you should hide the network behind? I assume that you hide it behind the
firewall's external IP address. However, does that lead to unwanted traffic
direct to the firewall from the Internet?
>
> Thanks in advance.
>
> Rodney Lacroix
>
>
>
>
============================================================================
====
> To unsubscribe from this mailing list, please see the instructions at
> http://www.checkpoint.com/services/mailing.html
>
============================================================================
====
============================================================================
====
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
============================================================================
====
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic