Firewall Wizards mailing list archives
RE: strange firewall setup
From: "LeGrow, Matt" <Matt_LeGrow () NAI com>
Date: Tue, 13 Jul 1999 10:34:06 -0700
-----Original Message-----
From: Arc Angel [SMTP:fwizlist () yahoo com]
Sent: Wednesday, July 07, 1999 3:16 PM
To: firewall-wizards () nfr net
Subject: strange firewall setup

I was at a customer site recently doing something only vaguely related to their firewall, and was totally baffled. I don't understand why it worked. Naturally, me being the consultant, I didn't want to ask them. It looked a little like the diagram below. IP addresses have been changed; onsite they are legitimate addresses.

|---------------|    |-----|   |----------------------------------------|
|    router     |    |     |   |           Cisco Pix Firewall           |
|  192.168.0.1  |----| Hub |---| Ext IP Unknown    Int IP 192.168.0.20  |
| 255.255.252.0 |    |     |   |    (by me)        NM 255.255.252.0     |
|---------------|    |-----|   |----------------------------------------|
                                                    |
                                                 |-----|
                                                 | Hub |
                                                    |
                                      (~~~~~~~~~~~~~~~~~~~~~~~~~~~)
                                      (     Internal network      )
                                      ( 192.168.0.0:255.255.252.0 )
                                      (~~~~~~~~~~~~~~~~~~~~~~~~~~~)

This looks like someone had no time to renumber his internal IPs when this company bought their Cisco Pix :-) The Hub behind the primary router looks like a DMZ hub, while the Pix does NAT so the internal hosts can get out to the Internet. Router A has the default route to the Internet, while the Pix routes everything outbound not governed by rules on the firewall to Router A. I would assume that unless they are doing something unusual with the DMZ hosts, requiring them to isolate that particular segment of the network, they could just use another interface on the Pix and use it as a primary router to eliminate router A; it seems redundant and that's what makes it look funny. Not unusual, just lazy network admining :-)