> -----Original Message-----
> From: Randall, Mark [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, 26 October 1999 8:56 AM
> To: [EMAIL PROTECTED]
> Subject: NAT issues
>
>
> This may not be specific to firewalls, but infrastructure design around a
> firewall seems appropriate, so I'm going to ask anyway. :-)
>
> I've got a client that is looking to implement RFC1918 addressing internally
> and implementing NAT at the gateways to a couple of ISP connections. I made
> mention of the fact that certain protocols get broken with NAT. Protocols
> that have IP address information embedded in the data portion of the packet,
> for example, would be broken, since NAT only rewrites the packet headers and
> doesn't deal with the data portion.

Actually, this is implementation dependent. FTP, for example, would get
broken by ultra-naive NAT, but all the NAT boxen I've seen support it. Maybe
you should be asking the vendor of the box that will be doing NAT - they
should have a list.

E.g., Cisco's list is here: http://www.cisco.com/warp/public/701/60.html#HDT3

Cheers,
--
Ben Nagy
Network Consultant, CPM&S Group of Companies
PGP Key ID: 0x1A86E304 Mobile: +61 414 411 520
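
The FTP case discussed in this thread, as an added example that is not part of either message: an active-mode `PORT` command carries the client's address in the payload, so a header-only NAT leaks an unreachable RFC1918 address while an FTP-aware NAT rewrites it. The function names, the `alloc_port` callback and the sample addresses are hypothetical and constructed for illustration.

```python
import ipaddress
import re

# FTP active-mode command (RFC 959): PORT h1,h2,h3,h4,p1,p2
PORT_RE = re.compile(rb"^PORT (\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\r\n$")

def parse_port(line):
    """Return (ip, port) from a PORT command line, or None if it is not one."""
    m = PORT_RE.match(line)
    if not m:
        return None
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        return None
    ip = ipaddress.IPv4Address(".".join(map(str, nums[:4])))
    return ip, nums[4] * 256 + nums[5]

def naive_nat(payload):
    """Header-only NAT: the TCP payload passes through untouched."""
    return payload

def alg_nat(payload, public_ip, alloc_port):
    """FTP-aware NAT: rewrite the embedded address.

    Returns (new_payload, mapping, length_delta). alloc_port is a hypothetical
    callback that reserves an outside port for the expected data connection.
    """
    parsed = parse_port(payload)
    if parsed is None or not parsed[0].is_private:
        return payload, None, 0
    inside_ip, inside_port = parsed
    outside_port = alloc_port(inside_ip, inside_port)
    host = str(public_ip).replace(".", ",").encode()
    new = b"PORT %s,%d,%d\r\n" % (host, outside_port >> 8, outside_port & 0xFF)
    # A non-zero delta means later TCP sequence/ack numbers need adjusting too.
    return new, (inside_ip, inside_port, outside_port), len(new) - len(payload)

# Constructed sample: inside client 10.1.2.3 offers data port 1025.
SAMPLE = b"PORT 10,1,2,3,4,1\r\n"
PUBLIC = ipaddress.IPv4Address("203.0.113.7")  # documentation address

if __name__ == "__main__":
    print("naive:", parse_port(naive_nat(SAMPLE)))
    print("alg:  ", alg_nat(SAMPLE, PUBLIC, lambda ip, port: 40000))
```

The length delta is why payload rewriting is more than a search-and-replace: the translated command is a different size, so the NAT has to track the offset for the rest of the control connection.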