Firewall Wizards mailing list archives

strange firewall setup


From: Arc Angel <fwizlist () yahoo com>
Date: Wed, 7 Jul 1999 12:16:20 -0700 (PDT)

I was at a customer site recently doing something only vaguely related
to their firewall, and was totally baffled. I don't understand why it
worked. Naturally, me being the consultant, I didn't want to ask them.
It looked a little like the diagram below. IP addresses have been
changed; onsite they are legitimate addresses.
   |---------------|    |-----|    |----------------------------------------|
   | router        |    |     |    |          Cisco Pix Firewall            |
   | 192.168.0.1   |----| Hub |----| Ext IP Unknown   Int IP 192.168.0.20   |
   | 255.255.252.0 |    |     |    |    (by me)           NM 255.255.252.0  |
   |---------------|    |-----|    |----------------------------------------|
                                      |
                                   |-----|
                                   | Hub |
                                      |
                          (~~~~~~~~~~~~~~~~~~~~~~~~~~~)
                          ( Internal network          )
                          ( 192.168.0.0:255.255.252.0 )
                          (~~~~~~~~~~~~~~~~~~~~~~~~~~~)
In other words, everything on the entire network was using
192.168.0.0/22, including the router *and* the firewall. But,
physically, the router was on the other side of the firewall. And the
router (192.168.0.1) was the default route for all the hosts on the
internal network. How could this work? Would the firewall have to ARP
as 192.168.0.1, but then know to forward?  Thanks, wizards.