NFR Wizards Archive: strange firewall setup


Arc Angel (fwizlistyahoo.com)
Wed, 7 Jul 1999 12:16:20 -0700 (PDT)


I was at a customer site recently doing something only vaguely related
to their firewall, and was totally baffled. I don't understand why it
worked. Naturally, me being the consultant, I didn't want to ask them.
It looked a little like the diagram below. IP addresses have been
changed; onsite they are legitimate addresses.
   |---------------|    |-----|    |----------------------------------------|
   | router        |    |     |    | Cisco Pix Firewall                     |
   | 192.168.0.1   |----| Hub |----| Ext IP Unknown    Int IP 192.168.0.20  |
   | 255.255.252.0 |    |     |    | (by me)           NM 255.255.252.0     |
   |---------------|    |-----|    |----------------------------------------|
                                                          |
                                                       |-----|
                                                       | Hub |
                                                       |-----|
                                                          |
                                            (~~~~~~~~~~~~~~~~~~~~~~~~~~~)
                                            ( Internal network          )
                                            ( 192.168.0.0:255.255.252.0 )
                                            (~~~~~~~~~~~~~~~~~~~~~~~~~~~)
In other words, everything on the entire network was using
192.168.0.0/22, including the router *and* the firewall. But,
physically, the router was on the other side of the firewall. And the
router (192.168.0.1) was the default route for all the hosts on the
internal network. How could this work? Would the firewall have to ARP
as 192.168.0.1, but then know to forward? Thanks, wizards.



This archive was generated by hypermail 2.0b3 on Sat Jul 17 1999 - 07:19:02 CDT