Re: ftp-proxy's inability to proxy using arbitrary source ip addresses
It's quite common to use 1918 addresses for /30 networks to conserve IP
Also, Cisco routers can use a range of public addresses for the NAT
Joe Hamelin <email@example.com> Edmonds, Washington 425.640.5614
On Sat, 9 Mar 2002, Daniel Hartmeier wrote:
:On Fri, Mar 08, 2002 at 04:00:12PM -0800, Adam Herscher wrote:
:> ISP --- <router> --rfc1918-ip-space-- (xl1)<pf firewall> --- Client
:> Although the point to point connection between the router and the pf
:> firewall uses private ip space, pf on the firewall NATs the outside (xl1)
:> interface (numbered 10.0.0.1) to a global ip address 18.104.22.168 (numbers are
:> fictional, for example only).
:I've never seen anyone use NAT to translate outgoing packets' source
:addresses to something other than the external address of the firewall.
:The router obviously sends packets for 22.214.171.124 to the firewall,
:otherwise the setup wouldn't work at all. Why don't you give the
:firewall's external interface the address 126.96.36.199?
:If the router forwards packets with private addresses, it would _have_
:to do NAT itself. If it doesn't, why use private addresses between the
:router and the firewall?