Firewall Wizards mailing list archives
Re: Non-NAT Firewall
From: Devdas Bhagat <devdas () dvb homelinux org>
Date: Fri, 11 Nov 2005 01:25:52 +0530
On 06/11/05 18:28 -0600, Nathaniel Hall wrote:
Alright, this is a bit tough to explain, so I will try my best. I am currently running a CheckPoint-NG firewall with three interfaces. Interface 1 goes to DMZ 1 (public IP addressing and Internet facing), interface 2 goes to DMZ 2 (public IP addressing) and interface 3 goes to the internal network (private IP addressing). The CheckPoint FW does not perform NAT. That allows me to review logs of servers in DMZ 1 without having to figure out what internal IP was NATed. Now, for my problem. I would like to be able to have the same functionality using NetFilter, but I have not been able to figure out how to do this without masquerading or using DNAT and SNAT. Any ideas?
If you have IP forwarding enabled, and appropriate interface IP addresses and routes set at both ends, you should be fine. Note that IP forwarding is disabled by default. You may want to check with tcpdump what is actually happening on the interfaces. Debug traffic one interface at a time. You will see traffic which would be blocked by the forwarding rules on the accepting interface, so no need to worry about that.

Devdas Bhagat
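The setup Devdas describes, as an added example that is not from the original thread: a three-interface Linux router that forwards without any NAT, so DMZ server logs show the real internal source address. Interface names, address ranges and the allowed services are constructed placeholders; the script prints the commands by default and only executes them when run as root with the argument `apply`.

```shell
#!/bin/sh
# Constructed example: non-NAT forwarding on Linux netfilter.
# Interface names and prefixes below are assumptions, not real values.
EXT_IF="eth0"   # DMZ 1: public addressing, Internet facing
DMZ_IF="eth1"   # DMZ 2: public addressing
INT_IF="eth2"   # internal network: private addressing
DMZ1_NET="203.0.113.0/24"   # documentation range, constructed
DMZ2_NET="198.51.100.0/24"  # documentation range, constructed
INT_NET="10.0.0.0/8"

# run: print the command; execute it only when APPLY=1 (needs root).
run() {
    echo "$*"
    if [ "${APPLY:-0}" = "1" ]; then "$@"; fi
}

# Forwarding is off by default; rp_filter drops packets arriving on an
# interface that has no route back to their source address.
enable_forwarding() {
    run sysctl -w net.ipv4.ip_forward=1
    run sysctl -w net.ipv4.conf.all.rp_filter=1
}

# Stateful FORWARD policy; no SNAT/DNAT/MASQUERADE anywhere.
forward_rules() {
    run iptables -P FORWARD DROP
    run iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    run iptables -A FORWARD -m conntrack --ctstate INVALID -j DROP
    # Anti-spoofing: each inside interface may only source its own prefix.
    run iptables -A FORWARD -i "$INT_IF" ! -s "$INT_NET" -j DROP
    run iptables -A FORWARD -i "$DMZ_IF" ! -s "$DMZ2_NET" -j DROP
    # Private addresses are not hidden by NAT, so they must never leave
    # toward the Internet; only DMZ 1 servers may see them.
    run iptables -A FORWARD -o "$EXT_IF" -s "$INT_NET" ! -d "$DMZ1_NET" -j DROP
    # Internal hosts may open connections to servers in both DMZs.
    run iptables -A FORWARD -i "$INT_IF" -o "$EXT_IF" -d "$DMZ1_NET" -m conntrack --ctstate NEW -j ACCEPT
    run iptables -A FORWARD -i "$INT_IF" -o "$DMZ_IF" -d "$DMZ2_NET" -m conntrack --ctstate NEW -j ACCEPT
    # Internet clients may reach DMZ 2 web servers (assumed service).
    run iptables -A FORWARD -i "$EXT_IF" -o "$DMZ_IF" -d "$DMZ2_NET" -p tcp --dport 80 -m conntrack --ctstate NEW -j ACCEPT
    run iptables -A FORWARD -j LOG --log-prefix "FWD-DROP: "
}

# Debug one interface at a time, as the reply suggests.
debug_interface() {
    run tcpdump -ni "$1" -c 50 not arp
}

case "${1:-dry-run}" in apply) APPLY=1 ;; esac
enable_forwarding
forward_rules
```

Run `sh non-nat-fw.sh` to review the rule set, then `sh non-nat-fw.sh apply` as root; `debug_interface eth2` shows what actually arrives on the internal interface.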