'RE: [FW1] Hide NAT question'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       firewall-1
Subject:    RE: [FW1] Hide NAT question
From:       Amin Tora <Amin () EPLUS ! com>
Date:       2000-12-31 2:32:22
[Download RAW message or body]



Good point Andrew.... try to use another IP address if possible (and just
have the FW arp for that IP via $FWDIR/state/local.arp (on NT) or  via arp
cmd (on SUN)...

If you use your fw's external IP, you will have some packets/connections
initiated back to the fw, cluttering your logs, and depending on the number
of these attemps, may make it harder to distinguish between valid requests
and actual attacks/survailance techniques...

  :)


-----Original Message-----
From: Andrew Bagrin [mailto:andrewb@secure-1.com]
Sent: Friday, December 29, 2000 10:12 AM
To: Rodney Lacroix; fw-1-mailinglist@lists.us.checkpoint.com
Subject: Re: [FW1] Hide NAT question



You can use any IP address. I wouldn't use the firewalls external interface.
If no one knows the IP address of your firewall then you've got a better
chance of it not being attacked.
Andrew Bagrin
Secure-1
865-803-2748
www.secure-1.com
----- Original Message -----
From: Rodney Lacroix <RLACROIX@velcro.com>
To: <fw-1-mailinglist@lists.us.checkpoint.com>
Sent: Friday, December 29, 2000 7:34 AM
Subject: [FW1] Hide NAT question


>
> When hiding an internal network, is there a standard for the IP address
you should hide the network behind?  I assume that you hide it behind the
firewall's external IP address.  However, does that lead to unwanted traffic
direct to the firewall from the Internet?
>
> Thanks in advance.
>
> Rodney Lacroix
>
>
>
>
============================================================================
====
>      To unsubscribe from this mailing list, please see the instructions at
>                http://www.checkpoint.com/services/mailing.html
>
============================================================================
====



============================================================================
====
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
============================================================================
====


================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic