Firewall Wizards mailing list archives

Re: NAT sanity check


From: "Darden, Patrick S." <darden () armc org>
Date: Mon, 5 Nov 2007 14:09:04 -0500

The Checkpoint firewall box should be your default gateway--make it .1 and it can NAT/PAT to anything behind it.
--p

-----Original Message-----
From: firewall-wizards-bounces () listserv icsalabs com [mailto:firewall-wizards-bounces () listserv icsalabs com] On Behalf Of David Steele
Sent: Thursday, November 01, 2007 8:24 PM
To: firewall-wizards () listserv icsalabs com
Subject: [fw-wiz] NAT sanity check


Hi,

I'm hoping someone can provide a sanity check on the following configuration - i.e.: will it work?

I've got a /29 public network, addresses (say) .2 to .6, with default gateway of .1.  Can I place a Checkpoint firewall on .2 and have it use the remaining addresses for NAT'd services on the other side of the firewall?

I ask as I'm certain I've done this in the past, but I'm a few years out of doing firewall work and my current technical contact reckons this won't work - that the default gate will ARP for the address and the .2 firewall won't respond; and that furthermore the only way to use the addresses would be to put a different subnet between the default gateway and the firewall and route the /29 network to the firewall (which I agree will work, but...)

Also, would it work if the firewall was a PIX?

TIA

-- 
_______________________________
David Steele

<insert sig line witticism here> 

_______________________________________________
firewall-wizards mailing list
firewall-wizards () listserv icsalabs com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
