Well... actually that is the way to do it (if I understand your question
fully).  You publish a second ARP resolving an IP to the MAC address of your
public FW NIC and hide your networks behind that with hide mode NAT.  You
then drop any attempts to connect to that address.  It's documented
step-by-step at phoneboy's site.

Carric Dooley
Network Security Consultant

"I have often regretted my speech, never my silence."
- Xenocrates (396-314 B.C.)



----- Original Message -----
From: "Larry Haff" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, June 08, 2000 7:44 PM
Subject: [FW1] Hide Internal Network NOT Using the FW's External IP


>
> Hi All,
>
> In trying to have a FW be as invisible as possible, I have often wondered if
> it would be desirable, or even possible, to hide the portion of a LAN that
> is not using NAT behind an IP address other than the one assigned to the
> external interface of the FW. Has anyone tried this? If yes, can you offer
> guidance?
>
> Larry Haff
> Network and Technical Administrator
> Institute of Computer Technology
> Email: [EMAIL PROTECTED]
>
>
>
> ================================================================================
>      To unsubscribe from this mailing list, please see the instructions at
>                http://www.checkpoint.com/services/mailing.html
> ================================================================================
>


