External. You want the internet thinking everything is coming from your firewall, so you hide behind it's external legal IP. Think of it from a purely routing standpoint: the gateway back into your private network is the external interface of your firewall. To get everything back to your private network it has to be sent to your firewall, so everything coming from it has to appear to be from that.
Hal -----Original Message----- From: Kim Longenbaugh [mailto:[EMAIL PROTECTED] Sent: Thursday, November 11, 2004 10:29 AM To: [EMAIL PROTECTED] Subject: [FW-1] nat question OK, at the risk of sounding stupid, which interface do you configure Hide NAT on so your internal network can browse the internet? Say you have an external interface, a dmz interface, and an internal interface. Say you want hosts on your internal network to get to the internet, and you want them to appear to the outside world as xxx.xxx.xxx.20 (assuming a public address) Do you configure Hide nat in the internal network object, or on the external network object? ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] ================================================= ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
