On Wed, May 09, 2001 at 10:10:49AM +1000, Ben Nagy wrote:
-Original Message-
From: Kelly, Patrick [mailto:[EMAIL PROTECTED]]
I have seen the scenario where clients insist on doing NAT at the perimeter
router. This leads to the configuration of the firewall to be configured with
-Original Message-
From: Henry Yen [mailto:[EMAIL PROTECTED]]
[...]
Sadly, I don't know of any routers that filter inbound packets for the
private IP range that they are protecting. If the attacker can somehow get a
packet for your private network routed as far as your NAT
I have seen the scenario where clients insist on doing NAT at the perimeter
router. This leads to the configuration of the firewall to be configured
with private IP addresses on 'external' and 'internal' interfaces. The end
result is no way to log or monitor from the firewall any access
Patrick -
I've said it before, and I'll say it again: NAT is not
a security solution, but a convenience (I know, you still
have the firewall, but this is for your routing people). :-)
As far as logging is concerned, I would hope that your
firewall's logs would contain data on the interface the
-Original Message-
From: Kelly, Patrick [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, May 09, 2001 6:40 AM
To: '[EMAIL PROTECTED]'
Subject: Placement of NAT in relation to firewall logs
I have seen the scenario where clients insist on doing NAT at the perimeter
router. This