Re: ftp-proxy's inability to proxy using arbitrary source ip addresses
It's quite common to use 1918 addresses for /30 networks to conserve IP
space.
Also, Cisco routers can use a range of public addresses for the NAT
pool.
-Joe
--
================================================================
Joe Hamelin <joe@nethead.com> Edmonds, Washington 425.640.5614
================================================================
On Sat, 9 Mar 2002, Daniel Hartmeier wrote:
:On Fri, Mar 08, 2002 at 04:00:12PM -0800, Adam Herscher wrote:
:
:> ISP --- <router> --rfc1918-ip-space-- (xl1)<pf firewall> --- Client
:>
:> Although the point to point connection between the router and the pf
:> firewall uses private ip space, pf on the firewall NATs the outside (xl1)
:> interface (numbered 10.0.0.1) to a global ip address 64.1.1.1 (numbers are
:> fictional, for example only).
:
:I've never seen anyone use NAT to translate outgoing packets' source
:addresses to something other than the external address of the firewall.
:The router obviously sends packets for 64.1.1.1 to the firewall,
:otherwise the setup wouldn't work at all. Why don't you give the
:firewall's external interface the address 64.1.1.1?
:
:If the router forwards packets with private addresses, it would _have_
:to do NAT itself. If it doesn't, why use private addresses between the
:router and the firewall?
:
:Daniel
: