FW: [sclug] Firewalls
Tom Dawes-Gamble
tmdg at hp.com
Sat Oct 25 09:05:31 UTC 2003
lug at assursys.co.uk wrote:
> On Wed, 15 Jan 2003, Tom Dawes-Gamble wrote:
>
>
>>tim wrote:
>>
>>
>>>2. Could not seem to get the NAT working on ipcop. My local addresses
>>>192nnnnnn seemed to leak out into the net, which seemed good in some ways
>>>in that sites thought my ip address was 192 etc, but bad in the fact that
>>>I was not doing it deliberately and I am sure its not good generally.
>>>
>>
>>Strange. I would have thought that if your 192. adddress leaked
>>out then the connection would fail since the remote end would not have a
>>route to your 192.
>
>
> I agree entirely. Of course, it's entirely possible that the Tim was
> referring to, say, a website that uses a bit of Java(Script) to determine
> the end-client's IP address. That won't be detected or NATted by any of the
> NAT solutions I've come across...
>
>
Yes, but NAT sould only change the envelope part of the packet and not the
contents.
Last night I managed to get VPN working from my behind my ipcop firewall
to our company intranet. How ip_masq_ipsec.o enables that is PFM to me.
Tom.
--
There are 10 sorts of people.
Those that understand Binary and those that don't.
More information about the Sclug
mailing list