Ah yes..
This could be so. I currently have both the dmz and internal cards connected to the same wire segment, which on the old firewall without stateful inspection was fine. I'll have to do some new wiring and split to two hubs.
So the load balancing is no problem then?
Thanks
Peter
----- Original Message -----
Sent: Thursday, March 21, 2002 9:51 AM
Subject: Re: [gb-users] IP Address spoofing
Hi Peter,
Address spoofs indicate a packet originating on one network is reaching the firewall on a different interface. I would hazard a guess that you have your network cables plugged into the back of your firewall incorrectly. This would cause traffic from the protected network to hit the external interface of the firewall, which would cause the spoofs.
Regards, Matt...
--
Matt Bradley
Technical Consultant
Global Secure Systems Ltd
Tel: +44 (0)870 458 1113
Fax: +44 (0)870 458 1114
Support: +44 (0)870 458 1115
E-mail: [EMAIL PROTECTED]
Web: http://www.gsec.co.uk
"The views expressed in this correspondence are those of the author and not necessarily those of Global Secure Systems Ltd"
At 09:22 21/03/2002 +0000, you wrote:
Hi all,
I'm in the process of replacing my current firewall with a GB1000. I have configured this the best I can to be the same for the time being; I'll start to change things later, for now I just want to swap out without any difficulties.
I swapped over the network cables to test the other night and no one could get access to my intranet servers in the DMZ. I swapped back immediately and checked the logs on the GB1000; it was reporting that the intranet servers were 'spoofing'.
The setup I have for the intranet is a load balancer (LinuxVirtualServer) and many 'real servers' WinNT behind. The load balancer accepts requests on a 'virtual' IP and then does address translation to the 'real server', which fulfils the request, and then does address translation again before returning this to the client. It would seem that the GB is seeing this being done and rejecting the packets.
Is this do-able with GB? Has anyone else done this kind of setup?
Any help much accepted
Peter Martin
IT Operations Manager
Initial Electronic Security
e. [EMAIL PROTECTED]
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
To subscribe to the digest version first unsubscribe, then e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
---------------------------------------------------------------------
InfoSecurity Europe 2002, 23rd - 25th April
Visit GSS at Olympia, The Grand Hall, Stand 540
For pre-registration: http://www.infosec.co.uk/page.cfm/action=PreReg/NewPerson=Yes/t=m
---------------------------------------------------------------------
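Added example, not part of the thread and not the GB1000's own logic: a small Python model of the per-interface source-address check described in the reply above, run against the shared-segment wiring and the split-hub wiring. The addressing plan, the interface and hub names, and the simplification that any frame on a segment can reach every firewall interface attached to it are all assumptions.

```python
import ipaddress

# Constructed addressing plan (assumption, not taken from the thread).
IFACE_NETS = {
    "internal": ipaddress.ip_network("10.0.1.0/24"),
    "dmz": ipaddress.ip_network("10.0.2.0/24"),
}

def owning_interface(src):
    """Interface whose network contains src; 'external' if none does."""
    addr = ipaddress.ip_address(src)
    for iface, net in IFACE_NETS.items():
        if addr in net:
            return iface
    return "external"

def is_spoof(arrival_iface, src):
    """Anti-spoof rule: the source must belong to the interface it arrived on."""
    return owning_interface(src) != arrival_iface

def spoof_alerts(wiring, senders):
    """wiring: firewall interface -> segment it is plugged into.
    senders: list of (source IP, segment the host is attached to).
    Simplified model: a frame on a segment can reach every firewall
    interface attached to that segment."""
    alerts = []
    for src, segment in senders:
        for iface, seg in wiring.items():
            if seg == segment and is_spoof(iface, src):
                alerts.append((iface, src))
    return alerts

# Constructed wiring: both cards on one segment, then split onto two hubs.
SHARED = {"internal": "hub0", "dmz": "hub0", "external": "wan"}
SPLIT = {"internal": "hub-int", "dmz": "hub-dmz", "external": "wan"}

# Constructed traffic: one DMZ intranet server and one internal client.
SENDERS_SHARED = [("10.0.2.10", "hub0"), ("10.0.1.50", "hub0")]
SENDERS_SPLIT = [("10.0.2.10", "hub-dmz"), ("10.0.1.50", "hub-int")]

if __name__ == "__main__":
    print("shared segment:", spoof_alerts(SHARED, SENDERS_SHARED))
    print("split hubs:    ", spoof_alerts(SPLIT, SENDERS_SPLIT))
```

With the shared segment each host is flagged on the interface it does not belong to; with one hub per interface the alert list is empty.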