Firewall Wizards mailing list archives

RE: NAT Based on Service with only one legal IP

From: "W. Builder" <xbuilder () yahoo com>
Date: Wed, 21 May 2003 13:39:49 +0100 (BST)

A typical scenario is a small office LAN 
comprised of SMTP, FTP and  HTTP servers with internal
IPs and a xDSL broadband connection to the outside
world with only one dynamically assigned legal IP

FW-1 can not handle the dynamically assigned IP

I suspect that any of these new
'appliances' that have
software to deal with xDSL, where addresses are very
frequently assigned,
will be able to cope with this - it's just a
question of how much you call
them 'firewalls'. The basic problem is that if the
box itself isn't involved
in negotiating the IP address it becomes ugly.


Has anyone seen/used an xDSL appliance that can do
service based NAT with only one dynamically assigned
legal IP?


So, in short, moving your NAT to the network border
and doing it on your
screening router is one option. That might also
break other stuff that you
do, like VPNs. Who knows.

ben

-----Original Message-----
From: firewall-wizards-admin () honor icsalabs com 
[mailto:firewall-wizards-admin () honor icsalabs com]

On Behalf

Of W. Builder
Sent: Tuesday, May 20, 2003 5:43 PM
To: firewall-wizards () honor icsalabs com

Dear Gurus
 
Service based NAT with only one legal IP can be

done with

Checkpoint FW-1 NG but not for dynamically

allocated legal IP


http://www.phoneboy.com/fom-serve/cache/86.html

Are there any other non-CheckPoint firewall s/ware

products

or appliances that can do this with both one legal

static IP

? With  one dynamically assigned legal IP?
 
Many thanks
W.Builder


__________________________________________________
It's Samaritans' Week. Help Samaritans help others. 
Call 08709 000032 to give or donate online now at http://www.samaritans.org/support/donations.shtm
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

Current thread:

NAT Based on Service with only one legal IP W. Builder (May 20)
- RE: NAT Based on Service with only one legal IP Ben Nagy (May 22)
  - RE: NAT Based on Service with only one legal IP W. Builder (May 22)
- <Possible follow-ups>
- RE: NAT Based on Service with only one legal IP Ahmed, Balal (May 22)
- RE: NAT Based on Service with only one legal IP manatworkyes moderator (May 22)
- RE: NAT Based on Service with only one legal IP Sloane, David (May 22)
- RE: NAT Based on Service with only one legal IP Sloane, David (May 23)