Re: Company Firewall's IP Address

Hi,

On Sat, 16 Nov 2002, Frederick Garbrecht wrote:

[ explanation about NAT cut away (and rearranged message a bit) ]

>>>>>> There is nothing new about finding your IP Address and display it on >>>>>> the web page.

>>>>> "an" IP Address - not necessarily the originating individual. There are >>>>> a LOT of ways around that.

>>>> Unless I am missing something in the question, no matter what you do,
>>>> what/whoever you connect to through a firewall will always know the IP
>>>> address of the the trusted interface of the firewall.

>>> Such is not the case. I've done otherwise.

>> Then routing wise, how do the packets find their way back to the firewall >> if they don't know the source IP ? ?

Do you need help?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

The reply about not needing a trusted interface implied you did not have to give an IP address (be it yours, or from a proxy). I assume the original poster of that message just meant it could be a proxy. Because otherwise I strongly agree with the reply "How do the packets find their way back?"

You must give an IP-address of a machine, that knows how to send the reply back to you. You could give it an incorrect address, of course, but you won't get the replies in that case.

-- 
Regards,

Andre