Archived from groups: comp.security.firewalls
I would try to make sure that the spoofed IP address is on the same subnet as
your dmz. You stated that your DMZ is 192.168.25.0/27 which has a mask of
255.255.255.224 allowing for 8 subnets and 30 hosts per. The first subnet would be
192.168.25.0 with .1 being the first, .30 being the last, and .31 being your
broadcast. I know you didn't ask for a subnetting response but I wanted to assure
that you understand where I'm coming from. If you simply have the ftp server use an
IP assigned to the dmz all should work well as follows:
Also, you may have to tweak the systems' hosts files.
email@example.com (MAXIMUS) wrote in news:8c80ad15.0404270652.4ad43676
> I have a classical PIX 515 with 3 interfaces.
> Outside is, for example, 18.104.22.168/28
> Inside is 10.10.10.0/25
> DMZ is 192.168.25.0/27
> .1 is always the ip of the ethernet adapter facing those networks.
> In the DMZ, I have an FTP server. I know it is bad but that server
> needs to send data to a machine located in the inside network.
> I should do "static" to achieve so. But, I do not want the ftp server
> to know the real IP address of the inside server (NFS)
> If that internal server is 10.10.10.10, how do I make sure it is
> 192.168.30.30 for the ftp server? I have to do such a reverse NAT?
> What's up with the routing?
> Many thanks,
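As an added illustration (my own code, not from either poster), the subnet arithmetic the reply walks through and the check it implies: the address the FTP server is told for the NFS host has to be a usable host address on the DMZ /27, so 192.168.30.30 from the original question fails while a constructed 192.168.25.20 passes. The `pix_static` helper emits the PIX 6.x `static` command for that mapping; the interface names `inside`/`dmz` and the .20 address are assumptions.

```python
import ipaddress

# Addresses taken from the thread above; the DMZ-side address chosen for the
# NFS host (192.168.25.20) is a constructed example, not a value from the thread.
DMZ_NET = ipaddress.ip_network("192.168.25.0/27")
INSIDE_NFS = ipaddress.ip_address("10.10.10.10")
FIREWALL_HOST_OFFSET = 1  # ".1 is always the ip of the ethernet adapter"


def subnet_facts(net, parent_prefix=24):
    """Describe a subnet the way the reply does: how many such subnets fit in
    the parent /24, usable hosts, first/last host and broadcast address."""
    hosts = list(net.hosts())
    return {
        "subnets_in_parent": 2 ** (net.prefixlen - parent_prefix),
        "hosts_per_subnet": len(hosts),
        "first_host": str(hosts[0]),
        "last_host": str(hosts[-1]),
        "broadcast": str(net.broadcast_address),
    }


def usable_static_address(net, candidate):
    """True only if candidate is a usable host address on net: inside the
    subnet, not the network or broadcast address, not the firewall's own .1."""
    addr = ipaddress.ip_address(candidate)
    if addr not in net:
        return False
    if addr in (net.network_address, net.broadcast_address):
        return False
    if int(addr) - int(net.network_address) == FIREWALL_HOST_OFFSET:
        return False
    return True


def pix_static(mapped_ip, real_ip=INSIDE_NFS, net=DMZ_NET):
    """Build the PIX 6.x 'static (real_ifc,mapped_ifc) mapped real' line that
    presents the inside host as mapped_ip on the DMZ, after checking the
    address fits the DMZ subnet. The static only creates the translation;
    allowing the DMZ-to-inside flow itself still needs an access-list on dmz."""
    if not usable_static_address(net, mapped_ip):
        raise ValueError(f"{mapped_ip} is not a usable host address on {net}")
    return f"static (inside,dmz) {mapped_ip} {real_ip} netmask 255.255.255.255"


if __name__ == "__main__":
    print(subnet_facts(DMZ_NET))
    print(pix_static("192.168.25.20"))
    for bad in ("192.168.30.30", "192.168.25.1", "192.168.25.31"):
        print(bad, "usable:", usable_static_address(DMZ_NET, bad))
```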