> From: ext Dave Crocker [mailto:[EMAIL PROTECTED]]

> Too late. Things are already confused, namely about the technical
> distinction between bridge and router.

Not really. You think that Sonicwall is a router and I know that it's not. However, I made a mistake by stating that it is a bridge; I should have said that it's a bridging firewall. One should always use precise terms in this environment.

<snip>

> A simple test to distinguish the two is to compare IP address with MAC
> address. In a bridged environment, the destination MAC address will belong
> to the destination IP address. (The sender obtains this via ARP.) In a
> routed address, the host sending the datagram (to the router) will use the
> MAC address of the router. (It uses the configured gateway IP address to
> do an ARP to obtain the MAC address of the router.

So we do agree on this matter :-)

As I said earlier, in a configuration where NAT is not used, Sonicwall is not defined as a gateway but rather just connected between the router and other devices. There is no configuration change to clients. The subnet is divided by Sonicwall.

I left out most of your mail because understanding the preceding sentence makes it irrelevant. You probably got it, but just for the common good, to explain how it works:

A = Host A
B = Host B
Bmac = MAC address of Host B
S = Sonicwall
Sa = Sonicwall's network interface on Host A segment
Sb = Sonicwall's network interface on Host B segment

The subnet is the same for both clients. Let's say it's 192.168.1.0/24

A---Sa|S|Sb----B

So when A wants to connect to B, what happens:

1. A will send an ARP request to get host B's MAC address
2. Sonicwall will see the request on interface Sa and respond (it probably sends ARP to host B and then uses that MAC)
3. A will send SYN to Bmac (which will actually go to Sonicwall interface Sa)
4. Sonicwall will check the SYN against its security policy, and in this case it's allowed
5. Sonicwall will send the packet to host B (Bmac) using interface Sb
6. Host B will send an ARP request to get host A's MAC address
7. Sonicwall will see the request on interface Sb and respond
...

I love to get into philosophical debate, but I think that other members of this list don't enjoy it. So if you want to continue we can do it off-list.

rgds,
Harri

_______________________________________________
Firewalls mailing list
[EMAIL PROTECTED]
http://lists.gnac.net/mailman/listinfo/firewalls
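
Added example, not part of the original message or of either poster's code: the MAC-versus-IP test quoted above, applied to frames captured on host A's segment. All host addresses, MAC addresses, the gateway and the function names are constructed for illustration (only 192.168.1.0/24 comes from the message), and the "proxied" outcome goes beyond the two cases the quoted test names.

```python
import ipaddress
import struct

def build_frame(dst_mac, src_mac, src_ip, dst_ip):
    """Constructed sample: Ethernet II header plus a bare 20-byte IPv4 header."""
    eth = bytes.fromhex((dst_mac + src_mac).replace(":", "")) + struct.pack("!H", 0x0800)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 6, 0,
                     ipaddress.ip_address(src_ip).packed,
                     ipaddress.ip_address(dst_ip).packed)
    return eth + ip

def parse_frame(frame):
    """Return (dst_mac, dst_ip) for IPv4 over Ethernet II, or None otherwise."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        return None
    return frame[0:6].hex(":"), str(ipaddress.ip_address(frame[30:34]))

def classify(frame, nic_macs, subnet, gateway_mac):
    """Apply the MAC-versus-IP test to one frame seen on the sender's segment."""
    # nic_macs maps IP -> MAC as read on each host itself, not learned via ARP,
    # because ARP is exactly what a device in the middle can answer.
    parsed = parse_frame(frame)
    if parsed is None:
        return "not-ipv4"
    dst_mac, dst_ip = parsed
    on_link = ipaddress.ip_address(dst_ip) in ipaddress.ip_network(subnet)
    if nic_macs.get(dst_ip) == dst_mac:
        return "bridged"   # destination MAC belongs to the destination IP
    if not on_link and dst_mac == gateway_mac:
        return "routed"    # sender used the configured gateway's MAC
    if on_link:
        return "proxied"   # same subnet, but another device's MAC answered ARP
    return "unknown"

# Constructed addresses; only the subnet is taken from the message.
SUBNET = "192.168.1.0/24"
A_MAC, B_MAC = "02:00:00:00:00:0a", "02:00:00:00:00:0b"
GW_MAC, SA_MAC = "02:00:00:00:00:01", "02:00:00:00:00:5a"
NIC_MACS = {"192.168.1.10": A_MAC, "192.168.1.20": B_MAC}

SAMPLES = {
    "A to B, frame addressed to Bmac": build_frame(B_MAC, A_MAC, "192.168.1.10", "192.168.1.20"),
    "A to B, frame addressed to Sa": build_frame(SA_MAC, A_MAC, "192.168.1.10", "192.168.1.20"),
    "A to off-subnet host via gateway": build_frame(GW_MAC, A_MAC, "192.168.1.10", "198.51.100.7"),
}

if __name__ == "__main__":
    for label, frame in SAMPLES.items():
        print(f"{label}: {classify(frame, NIC_MACS, SUBNET, GW_MAC)}")
```

The test only sees what the sender puts on the wire: a device that answers ARP with the destination's real MAC is indistinguishable from a plain bridge here, which is why the ground-truth table has to come from the hosts themselves.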
