The packets have the firewall's external interface IP as their destination
IP field; the firewall handles the address translation back to the internal
host.  When you initiate an outbound connection from an internal host, the
firewall substitutes the 'hide-NAT' address (the firewall's external
interface address) for your host's non-routable address in the source IP
field of the IP packet, and the firewall stores the source port 'p' (>1024).
If the firewall subsequently receives an inbound packet at its external
interface with a destination port 'p', it associates that port number with
your host's non-routable internal address and routes the packet accordingly.
(At least this is how Checkpoint does it).
Fred
----- Original Message -----
From: "Bill Hamel" <[EMAIL PROTECTED]>
To: "Meritt James" <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>;
<[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>;
<[EMAIL PROTECTED]>
Sent: Friday, November 15, 2002 10:42 PM
Subject: Re: Company Firewall's IP Address


> Then routing wise, how do the packets find their way back to the firewall
> if they don't know the source IP ? ?
>
>
> On Fri, 15 Nov 2002, Meritt James wrote:
>
> > Such is not the case.  I've done otherwise.
> >
> > Bill Hamel wrote:
> > >
> > > Unless I am missing something in the question, no matter what you do,
> > > what/whoever you connect to through a firewall will always know the IP
> > > > address of the trusted interface of the firewall.
> > >
> > > -bh
> > >
> > > On Wed, 13 Nov 2002, Meritt James wrote:
> > >
> > > > > "an" IP Address - not necessarily the originating individual.  There are
> > > > > a LOT of ways around that.
> > > >
> > > > Jim
> > > >
> > > > [EMAIL PROTECTED] wrote:
> > > >
> > > > > > There is nothing new about finding your IP Address and display it on the web page.
> > > >
> > > > --
> > > > James W. Meritt CISSP, CISA
> > > > Booz | Allen | Hamilton
> > > > phone: (410) 684-6566
> > > >
> >
> > --
> > James W. Meritt CISSP, CISA
> > Booz | Allen | Hamilton
> > phone: (410) 684-6566
> >
>
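
The hide-NAT port bookkeeping described at the top of this message, as an added example that is not part of the original thread and not any vendor's code. The addresses are constructed sample values, and the fallback port pool and the check of the remote peer on inbound packets are assumptions that go beyond what the message describes.

```python
# Added example: minimal model of a hide-NAT translation table.
# All addresses are constructed (RFC 1918 and RFC 5737 documentation ranges).

class HideNat:
    def __init__(self, external_ip, pool_start=10000):
        self.external_ip = external_ip
        self.pool_start = pool_start  # assumed start of the fallback port pool
        self.by_port = {}  # external port -> (int_ip, int_port, peer_ip, peer_port)
        self.by_conn = {}  # the same connection tuple -> external port

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        """Rewrite the source of an outbound packet and store the mapping."""
        conn = (src_ip, src_port, dst_ip, dst_port)
        ext_port = self.by_conn.get(conn)
        if ext_port is None:
            # Keep the host's own source port 'p' when it is free; otherwise
            # take the next unused pool port so two internal hosts that
            # picked the same 'p' do not collide on the external address.
            ext_port = src_port
            if ext_port in self.by_port:
                ext_port = self.pool_start
                while ext_port in self.by_port:
                    ext_port += 1
            self.by_port[ext_port] = conn
            self.by_conn[conn] = ext_port
        return (self.external_ip, ext_port, dst_ip, dst_port)

    def inbound(self, src_ip, src_port, dst_ip, dst_port):
        """Translate a reply back to the internal host, or return None (drop)."""
        entry = self.by_port.get(dst_port)
        if dst_ip != self.external_ip or entry is None:
            return None  # no stored port: unsolicited packet
        int_ip, int_port, peer_ip, peer_port = entry
        if (src_ip, src_port) != (peer_ip, peer_port):
            return None  # port is mapped, but not for this remote peer
        return (src_ip, src_port, int_ip, int_port)

def demo():
    nat = HideNat("203.0.113.1")
    a = nat.outbound("10.0.0.5", 40000, "198.51.100.7", 80)
    b = nat.outbound("10.0.0.6", 40000, "198.51.100.7", 80)  # same 'p'
    reply_a = nat.inbound("198.51.100.7", 80, "203.0.113.1", a[1])
    reply_b = nat.inbound("198.51.100.7", 80, "203.0.113.1", b[1])
    stray = nat.inbound("192.0.2.99", 80, "203.0.113.1", a[1])
    return a, b, reply_a, reply_b, stray

if __name__ == "__main__":
    for row in demo():
        print(row)
```

The remote server only ever sees 203.0.113.1 as the source, which is the point made in the thread: the reply is routed to the firewall's external address and the stored port selects the internal host.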
