natting please help

carl_townshend
Spotlight

Hi there,

When traffic from outside the firewall comes into my DMZ and gets NATted, am I right in saying that the source address from outside does not change? For some reason, when I do a packet capture on the DMZ net server, I always see the source as the DMZ interface and the destination as the server. In that case, when the traffic goes back to the destination, how does it know where to go? I would expect the source to be kept intact, or would it get changed to the firewall interface? How does it know where to send it back to? Would this be in the state table?

1 Reply

Giuseppe Larosa
Hall of Fame

Hello Carl,

When you do a packet capture in the DMZ you should see the source MAC of the DMZ interface of the firewall.

At layer 3 the source IP should still be the original IP address as seen on the outside.

If not, it means the FW is configured for a form of double NATting or TCP intercept, and in that case yes, the state table is used to understand how to send back an answer.

Hope to help

Giuseppe
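
As an added example (not part of the thread and not any vendor's implementation), here is a minimal Python model of the two cases in the answer above: translating only the destination, and also translating the source to the firewall's DMZ interface address. It shows what the server's capture would see and how the state table restores the reply. All addresses, ports and names are constructed for illustration.

```python
from collections import namedtuple

Packet = namedtuple("Packet", "src sport dst dport")

class Firewall:
    """Toy stateful firewall translating between outside and DMZ."""

    def __init__(self, public_ip, server_ip, dmz_if_ip, translate_source):
        self.public_ip = public_ip    # address outside clients connect to
        self.server_ip = server_ip    # real address of the DMZ server
        self.dmz_if_ip = dmz_if_ip    # firewall's own DMZ interface address
        self.translate_source = translate_source
        self.fwd = {}                 # original packet -> packet as the server sees it
        self.state = {}               # packet as the server sees it -> original packet
        self.next_port = 20000        # constructed port pool for source translation

    def inbound(self, pkt):
        """Outside -> DMZ: rewrite the destination, optionally the source too."""
        if pkt.dst != self.public_ip:
            return None               # no mapping for this destination: drop
        if pkt not in self.fwd:
            src, sport = pkt.src, pkt.sport
            if self.translate_source:
                src, sport = self.dmz_if_ip, self.next_port
                self.next_port += 1
            seen = Packet(src, sport, self.server_ip, pkt.dport)
            self.fwd[pkt] = seen
            self.state[seen] = pkt
        return self.fwd[pkt]

    def outbound(self, reply):
        """DMZ -> outside: find the flow in the state table and undo the rewrite."""
        key = Packet(reply.dst, reply.dport, reply.src, reply.sport)
        orig = self.state.get(key)
        if orig is None:
            return None               # reply matches no tracked connection: drop
        return Packet(orig.dst, orig.dport, orig.src, orig.sport)

def round_trip(translate_source):
    """Send one constructed client packet in and the server's reply back out."""
    fw = Firewall("203.0.113.5", "10.0.1.10", "10.0.1.1", translate_source)
    seen = fw.inbound(Packet("198.51.100.10", 40000, "203.0.113.5", 443))
    reply = Packet(seen.dst, seen.dport, seen.src, seen.sport)
    return seen, fw.outbound(reply)

if __name__ == "__main__":
    for mode in (False, True):
        print(mode, *round_trip(mode), sep="\n  ")
```

In both modes the client receives the reply from the public address it originally contacted; only the packet the server sees differs.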
