RE: [FW1] Hide Internal Network NOT Using the FW's External IP

Thu, 08 Jun 2000 19:14:21 -0700 


Yeah, but then you can terminate the tunnels on the public DMZ address ;-)

At 09:24 PM 6/8/00 -0400, [EMAIL PROTECTED] wrote:
>         In this case a Non-routable would not work.  -----Original
>Message
>
>--
>From: Jason Witty [mailto:[EMAIL PROTECTED]] 
>Sent: Thursday,
>June
>08, 2000 8:13 PM 
>To: Larry Haff;
>[EMAIL PROTECTED] 
>Subject: Re: [FW1] Hide Internal
>Network NOT Using the FW's External IP  
> 
>  Larry,   I'm not sure I fully follow what you're trying to do, but you can 
>definitely hide any internal (or DMZ) network behind any address you want 
>  They don't have to be hidden behind 
>  To that note, your ouside 
>  In my 
>firewall setups, I generally use an internal 10.x.x.x interface, a 
>publically addressed DMZ interface, and extranet and internet (outside) 
>  Then I NAT behind a second public IP 
>     And you can certainly drop all packets destined directly for the
firewall 
> "" rules (which send TCP 
>RESETS sourced from the firewall), the firewall won't answer for anything 
>  Just a few thoughts.....   Jason 
>http://www.wittys.com   At 04:44 PM 6/8/00 -0700, Larry Haff wrote: 
>> 
>>Hi All, 
>> 
>>In trying to have a FW be as invisible as possible, I have often wondered
if 
>>it would be desirable, or even possible, to hide the portion of a LAN that 
>>is not using NAT behind an IP address other than the one assigned to the 
>>external interface of the FW. Has anyone tried this? If yes, can you offer 
>>guidance? 
>> 
>>Larry Haff 
>>Network and Technical Administrator 
>>Institute of Computer Technology 
>>Email: [EMAIL PROTECTED] 
>> 
>> 
>>=========================================================================== 
>===== 
>>     To unsubscribe from this mailing list, please see the instructions at 
>>               http://www.checkpoint.com/services/mailing.html 
>>=========================================================================== 
>===== 
>> 
>>  
> 
>===========================================================================
===== 
>     To unsubscribe from this mailing list, please see the instructions at 
>               http://www.checkpoint.com/services/mailing.html 
>===========================================================================
=====   
> 
> ***********************************************************************
> Gruntal 


================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

Reply via email to