NFR Wizards Archive: Re: strange firewall setup

Re: strange firewall setup


Bill Pennington (bpenningtonlucidnetworks.com)
Mon, 12 Jul 1999 16:18:29 -0700


Since this is a Cisco Pix they are most likely employing Network Address
Translation. For a thorough explanation of NAT visit Cisco's web site.
Also I think you have the diagram backwards or at least your labeling is
incorrect. Most likely the Internal interface of the Pix is connected to
the internal network. I think once you understand NAT you will
understand how this works.

On the routing side the router at 192.168.0.1 has its default gateway
set to 192.168.0.2 (or whatever the internal address of the firewall is).
Hope that helps!

Bill

Arc Angel wrote:
>
> I was at a customer site recently doing something only vaguely related
> to their firewall, and was totally baffled. I don't understand why it
> worked. Naturally, me being the consultant, I didn't want to ask them.
> It looked a little like the diagram below. IP addresses have been
> changed; onsite they are legitimate addresses.
> |---------------|    |-----|    |----------------------------------------|
> |    router     |    |     |    |           Cisco Pix Firewall           |
> |  192.168.0.1  |----| Hub |----| Ext IP Unknown     Int IP 192.168.0.20 |
> | 255.255.252.0 |    |     |    | (by me)            NM 255.255.252.0    |
> |---------------|    |-----|    |----------------------------------------|
>                                                      |
>                                                   |-----|
>                                                   | Hub |
>                                                      |
>                                        (~~~~~~~~~~~~~~~~~~~~~~~~~~~)
>                                        (     Internal network      )
>                                        ( 192.168.0.0:255.255.252.0 )
>                                        (~~~~~~~~~~~~~~~~~~~~~~~~~~~)
> In other words, everything on the entire network was using
> 192.168.0.0/22, including the router *and* the firewall. But,
> physically, the router was on the other side of the firewall. And the
> router (192.168.0.1) was the default route for all the hosts on the
> internal network. How could this work? Would the firewall have to ARP
> as 192.168.0.1, but then know to forward? Thanks, wizards.



This archive was generated by hypermail 2.0b3 on Sat Jul 17 1999 - 07:19:03 CDT