Firewall Wizards mailing list archives
Re: FW1 - NAT hide problem
From: Thomas Piergallini <pierre () elkrun chantilly va us>
Date: Tue, 2 Nov 1999 09:00:37 -0500 (EST)
With firewall-1 and NAT the packets must be routed through the NT system in order for your hide to take effect. With NT RAS, merely selecting the IP Forwarding box in the network properties is not enough to get the packets to route out across the RAS connection. You have to make the registry change below to get packets to route across a RAS PPP connection.

1. Start Registry Editor (Regedt32.exe).
2. Go to the following key:
   HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\RasArp\Parameters
3. From the Edit menu, click Add Value.
4. Enter the following value:
   Value name: DisableOtherSrcPackets
   Value Type: REG_DWORD
   Range: Boolean (0 or 1)
   Default: 1 (not in Registry)
5. Exit Registry Editor.

You need to make the value a "0" to get the packets to route across RAS PPP. Do not forget to reboot.

Your other choice is to run all packets through the Security Servers, but that would defeat the whole point of using a checkpoint stateful firewall.

-pierre

On Sat, 30 Oct 1999, Andy Davis wrote:
Hi,

I hope someone can help me with this problem:

I've just installed FW1 on an NT box. It has two interfaces: an ISDN RAS connection to the Internet and an ethernet connection to an internal network containing a Linux box. I've been trying to set it up so that the internal addresses 192.168.10.x are hidden by the external address (valid address) of the firewall. Please could someone explain in simple terms how to configure this setup.

Currently when I ping from the linux box to the Internet, the echo-request packet reaches the firewall, as I can see it appear on the log, but the echo-reply never appears.

Also, whenever I boot my NT box the MAC address of the RAS interface changes (I presume because it's not a real physical interface) - is this the problem?

Thanks in advance,
Andy Davis.
--
Thomas Piergallini
EMAIL: pierre () elkrun chantilly va us, pierre () cybertrace com, tompierre () aol com
AOL-IM: tompierre
ICQ: 4439360
PAGER: pierre-pager () nova org
WEB: http://www.elkrun.chantilly.va.us, http://www.cybertrace.com
PGP Key Server ID: 50E91A08 644D5B39, Netscape and Outlook Certs available