Re: [FW-1] LAN address space on WAN help ?

[Eric i [Permanent Link]]

Sounds like a job for fwparp (I think...) I'll try this ....


At 08:58 AM 6/24/2003 -0700, you wrote:
>   I don't think NAT provides the same function at all.
>   NAT makes a device, which is actually on a "trusted" side of
> the firewall, appear as if it was directly attached to the
> segment on the "untrusted" side.
>   Eric, though, is talking about assigning an address that
> "belongs" on the trusted side, to a device that is actually
> on the untrusted side.
>
>   Proxy ARP is an interesting suggestion.  If you give devices
> and interfaces on the untrusted segment addresses and masks as
> if they were on a supernet that includes both trusted and untrusted
> subnets, then proxy ARP can be used by the firewall to snag
> traffic that needs to get to the trusted side (and vice versa?).
>   This isn't quite as flexible as what Eric seems to be describing,
> and the path taken by packets may be different, but it does solve
> some of the same problems as the Sonicwall feature.
>
> David Gillett
>
> > -----Original Message-----
> > From: Mailing list for discussion of Firewall-1
> > [mailto:FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM]On Behalf Of Bill
> > Sent: June 23, 2003 14:27
> > To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
> > Subject: Re: [FW-1] LAN address space on WAN help ?
> >
> >
> > You could always use NAT to do the same thing on any box
> > running checkpoint
> > software.  Another option is proxy arp (a routing function,
> > not a firewall
> > fucntion) does something similar, but the underlying OS will
> > perform this
> > feature and may not be available on the OS you are using.
> > The configuration
> > and application of both will depend on your specific needs.
> > ----- Original Message -----
> > From: "David Gillett" <gillettdavid AT FHDA DOT EDU>
> > To: <FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM>
> > Sent: Monday, June 23, 2003 4:48 PM
> > Subject: Re: [FW-1] LAN address space on WAN help ?
> >
> >
> > >   Since FW-1 functions as a router, having some of a subnet on
> > > one side of it and some on the other is topologically illegal.
> > > So it would not make sense to offer this feature.
> > >
> > > David Gillett
> > >
> > > > -----Original Message-----
> > > > From: Mailing list for discussion of Firewall-1
> > > > [mailto:FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM]On
> > Behalf Of Eric i
> > > > Sent: June 23, 2003 12:51
> > > > To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
> > > > Subject: [FW-1] LAN address space on WAN help ?
> > > >
> > > >
> > > > I have a beautiful command/ feature available on my sonicwall
> > > >  firewall it
> > > > is on the the "advanced" menu on the intranet tab and it
> > is labled :
> > > > Specified address are attached to the wan link...
> > > > This allows me to communicate with computers with the same address
> > > > space/subnet behind the firewall(LAN) as the computers outside the
> > > > firewall(WAN).
> > > >
> > > > Does FW-1 have such a feature ??????
> > >
> > > =================================================
> > > To set vacation, Out-Of-Office, or away messages,
> > > send an email to LISTSERV AT amadeus.us.checkpoint DOT com
> > > in the BODY of the email add:
> > > set fw-1-mailinglist nomail
> > > =================================================
> > > To unsubscribe from this mailing list,
> > > please see the instructions at
> > > http://www.checkpoint.com/services/mailing.html
> > > =================================================
> > > If you have any questions on how to change your
> > > subscription options, email
> > > fw-1-owner AT ts.checkpoint DOT com
> > > =================================================
> >
> > =================================================
> > To set vacation, Out-Of-Office, or away messages,
> > send an email to LISTSERV AT amadeus.us.checkpoint DOT com
> > in the BODY of the email add:
> > set fw-1-mailinglist nomail
> > =================================================
> > To unsubscribe from this mailing list,
> > please see the instructions at
> > http://www.checkpoint.com/services/mailing.html
> > =================================================
> > If you have any questions on how to change your
> > subscription options, email
> > fw-1-owner AT ts.checkpoint DOT com
> > =================================================
> >
>
> =================================================
> To set vacation, Out-Of-Office, or away messages,
> send an email to LISTSERV AT amadeus.us.checkpoint DOT com
> in the BODY of the email add:
> set fw-1-mailinglist nomail
> =================================================
> To unsubscribe from this mailing list,
> please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> =================================================
> If you have any questions on how to change your
> subscription options, email
> fw-1-owner AT ts.checkpoint DOT com
> =================================================
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================