Firewall Wizards mailing list archives
RE: NAT Based on Service with only one legal IP
From: "Ben Nagy" <ben () iagu net>
Date: Wed, 21 May 2003 09:14:16 +0200
I think you are asking if you can have static port NAT mappings for different services going to different internal physical servers, and also do that for dynamically assigned IP addresses as well as statically configured ones. Offhand I know that Cisco routers have been able to do this for a few versions now. I suspect that any of these new 'appliances' that have software to deal with xDSL, where addresses are very frequently assigned, will be able to cope with this - it's just a question of how much you call them 'firewalls'. The basic problem is that if the box itself isn't involved in negotiating the IP address it becomes ugly. So, in short, moving your NAT to the network border and doing it on your screening router is one option. That might also break other stuff that you do, like VPNs. Who knows. ben
-----Original Message----- From: firewall-wizards-admin () honor icsalabs com [mailto:firewall-wizards-admin () honor icsalabs com] On Behalf Of W. Builder Sent: Tuesday, May 20, 2003 5:43 PM To: firewall-wizards () honor icsalabs com Dear Gurus Service based NAT with only one legal IP can be done with Checkpoint FW-1 NG but not for dynamically allocated legal IP http://www.phoneboy.com/fom-serve/cache/86.html Are there any other non-CheckPoint firewall s/ware products or appliances that can do this with both one legal static IP ? With one dynamically assigned legal IP? Many thanks W.Builder
_______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- NAT Based on Service with only one legal IP W. Builder (May 20)
- RE: NAT Based on Service with only one legal IP Ben Nagy (May 22)
- RE: NAT Based on Service with only one legal IP W. Builder (May 22)
- <Possible follow-ups>
- RE: NAT Based on Service with only one legal IP Ahmed, Balal (May 22)
- RE: NAT Based on Service with only one legal IP manatworkyes moderator (May 22)
- RE: NAT Based on Service with only one legal IP Sloane, David (May 22)
- RE: NAT Based on Service with only one legal IP Sloane, David (May 23)
- RE: NAT Based on Service with only one legal IP Ben Nagy (May 22)