On 04/05/2000 at 13:49:52 ZE5B, Kamatchi Sundaram G
<[EMAIL PROTECTED]> wrote:
>  Let us consider in my border router, I am running both Firewall and NAT.
> As per the operational point of view for each inbound packet, NAT
> translates the packet first (NAT is handling Overlapping) then Firewall
> does the filtering. If this is the case, in the case of IP address
> spoofing, how the situation can be handled?

If the firewall is logically between the NAT function and the Internet,
there should be no problem.  It should only see valid Internet addresses
(from both directions).  The source addresses in traffic from your site
should only be from the network of the external side of the NAT function.

Source addresses in traffic from the Internet can be any valid Internet
address except for your own external network.  (Which means it should also
be blocking RFC1918 addresses, loopback addresses, and test network
addresses.)

Tony Rall
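
The source-address rules described in the reply above, written out as an added example (not part of the original message). The external network 203.0.113.0/24, the function name and the sample packets are assumptions made for illustration.

```python
import ipaddress

# Assumption: the external network of the NAT function. 203.0.113.0/24 is a
# documentation range standing in for the site's real public block.
EXTERNAL_NET = ipaddress.ip_network("203.0.113.0/24")

# Source ranges that must never arrive from the Internet side, per the reply.
BLOCKED = [(label, ipaddress.ip_network(net)) for label, net in [
    ("RFC1918", "10.0.0.0/8"),
    ("RFC1918", "172.16.0.0/12"),
    ("RFC1918", "192.168.0.0/16"),
    ("loopback", "127.0.0.0/8"),
    # 203.0.113.0/24 is omitted only because it plays the external network here.
    ("test network", "192.0.2.0/24"),
    ("test network", "198.51.100.0/24"),
]]

def check_source(direction, src):
    """Judge a packet's source as seen by a firewall between NAT and the Internet.

    direction is "outbound" (from the site, already translated) or "inbound"
    (from the Internet). Returns (allowed, reason).
    """
    addr = ipaddress.ip_address(src)
    if direction == "outbound":
        if addr in EXTERNAL_NET:
            return True, "source is in the external NAT network"
        return False, "outbound source is not in the external NAT network"
    if direction == "inbound":
        if addr in EXTERNAL_NET:
            return False, "inbound source claims our own external network"
        for label, net in BLOCKED:
            if addr in net:
                return False, f"inbound source is a {label} address"
        return True, "source is outside all blocked ranges"
    raise ValueError(f"unknown direction: {direction!r}")

if __name__ == "__main__":
    # Constructed sample packets: (direction, source address).
    samples = [
        ("outbound", "203.0.113.10"),  # translated by NAT
        ("outbound", "192.168.1.20"),  # untranslated internal address leaking out
        ("inbound", "8.8.8.8"),        # ordinary Internet source
        ("inbound", "203.0.113.10"),   # spoofed as our own external network
        ("inbound", "10.0.0.5"),
        ("inbound", "127.0.0.1"),
        ("inbound", "192.0.2.44"),
    ]
    for direction, src in samples:
        allowed, reason = check_source(direction, src)
        print(f"{direction:8} {src:15} {'PASS' if allowed else 'DROP'}  {reason}")
```
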

