Jean Morissette wrote:
> I have a NT based fw and I added a second IP address to the network
> interface card (public interface of the FW), this IP address corresponds
to
> a NAT address (setup on the fw config.).
>
> My problem is when I do arp -a I do not see the IP address matching the
MAC
> ID of the NIC. I add it statically (I thought that would be permanent)
and
> it works fine. When I reboot the ARP entry is gone? Normal on NT?
I think so. For NT's TCP/IP-stack details generally see
www.microsoft.com/ntserver/commserv/techdetails/techspecs/tcpip.asp
though there's nothing indicated in it for your question.
>
> Is it normal that on NT based fw, I have to enable routing at the OS level
> for NAT to work?
Depends of your firewall. Normally one of the first steps performed on a
kind-of-secured computer: disable IP-forwarding.
No firewall should rely on OS's forwarding capabilities, but implement some
packet-forwarding mechanism itself. In case of NT you should also consider
KB articles Q217336 and Q238453.
Regards,
Enno
[EMAIL PROTECTED]
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
