Well I guess. You are asking for problems, however, doing that.
-----Original Message-----
From: Jason Witty [mailto:[EMAIL PROTECTED]]
Sent: Thursday, June 08, 2000 10:06 PM
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: RE: [FW1] Hide Internal Network NOT Using the FW's External IP
Yeah, but then you can terminate the tunnels on the public DMZ address ;-)
At 09:24 PM 6/8/00 -0400, [EMAIL PROTECTED] wrote:
> In this case a Non-routable would not work.
>
>-----Original Message-----
>From: Jason Witty [mailto:[EMAIL PROTECTED]]
>Sent: Thursday, June 08, 2000 8:13 PM
>To: Larry Haff; [EMAIL PROTECTED]
>Subject: Re: [FW1] Hide Internal Network NOT Using the FW's External IP
>
> Larry, I'm not sure I fully follow what you're trying to do, but you can
>definitely hide any internal (or DMZ) network behind any address you want
> They don't have to be hidden behind
> To that note, your outside
> In my
>firewall setups, I generally use an internal 10.x.x.x interface, a
>publicly addressed DMZ interface, and extranet and internet (outside)
> Then I NAT behind a second public IP
> And you can certainly drop all packets destined directly for the firewall
> "" rules (which send TCP
>RESETS sourced from the firewall), the firewall won't answer for anything
> Just a few thoughts.....
> Jason
>http://www.wittys.com
>
>At 04:44 PM 6/8/00 -0700, Larry Haff wrote:
>>
>>Hi All,
>>
>>In trying to have a FW be as invisible as possible, I have often wondered if
>>it would be desirable, or even possible, to hide the portion of a LAN that
>>is not using NAT behind an IP address other than the one assigned to the
>>external interface of the FW. Has anyone tried this? If yes, can you offer
>>guidance?
>>
>>Larry Haff
>>Network and Technical Administrator
>>Institute of Computer Technology
>>Email: [EMAIL PROTECTED]
>>
>>
>>================================================================================
>> To unsubscribe from this mailing list, please see the instructions at
>> http://www.checkpoint.com/services/mailing.html
>>================================================================================
>>
>>
***********************************************************************
Gruntal & Co., L.L.C.'s e-mail system is for business purposes only.
Messages are not confidential. All e-mail may be reviewed by
authorized supervisors, compliance or internal audit personnel.
E-mail will be archived for at least three years and may be produced
to regulatory agencies or others with a legal right to access such
information. Gruntal will not accept trade order instructions via
e-mail. Please telephone your Account Executive to place trade orders.
Gruntal & Co., L.L.C.
***********************************************************************
