07-09-2009 07:47 AM - edited 03-06-2019 06:40 AM
Hi all,
Is it correct that when I do a packet capture on my web server in the DMZ, I never see the true public destination IP address? I only ever see the destination as the interface of my DMZ when the traffic is going back to the web. Why is this?
07-09-2009 08:22 AM
You can do a packet capture with the following commands.
Example:
Create an extended access-list matching the traffic src/dst or type of traffic:
access-list CAPTURE extended permit tcp host 10.10.10.1 host 10.10.10.2
Under global config:
capture CAPTURE_THIS_TRAFFIC access-list CAPTURE interface dmz
! dmz = the nameif of the interface you want to capture on
Then do a "show capture CAPTURE_THIS_TRAFFIC" to view the output.
Hope this helps.
07-10-2009 12:43 AM
Hi there,
When traffic from outside the firewall comes into my DMZ and gets NATed, am I right in saying that the source address from outside does not change? For some reason, when I do a packet capture on the DMZ net server, I always see the source as the DMZ interface and the destination as the server. In which case, when the traffic goes back to the destination, how does it know where to go?? I would expect the source to be kept intact, or would it get changed to the firewall interface? How does it know where to send it back to?? Would this be in the state table?
07-10-2009 05:49 AM
Could you post the capture output that you are getting?
But yes, if the traffic is getting NAT'd from outside to DMZ, the source should be the NAT'd IP address. It depends on the setup.
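To illustrate what the two replies above describe, here is an added toy model (not Cisco code and not from this thread) of the firewall's translation/state table: an outside client hits a public address that is statically mapped to the DMZ server, and the client's source is hidden behind the DMZ interface address with dynamic PAT, which is the setup the original poster's capture suggests. All addresses, the interface name and the PAT port range are constructed for the example.

```python
from dataclasses import dataclass, field


@dataclass
class NatFirewall:
    """Toy model of a firewall NAT/state (xlate) table; illustration only, not ASA code."""
    dmz_if_ip: str                  # address the DMZ server sees as the "client" (constructed)
    static_nat: dict                # public address -> real DMZ server address (constructed)
    next_pat_port: int = 1024       # next free port for dynamic PAT (constructed range)
    xlate: dict = field(default_factory=dict)

    def inbound(self, src_ip, src_port, dst_ip, dst_port):
        """Outside -> DMZ. The destination is un-NATed to the real server and the
        outside source is replaced by the DMZ interface address (dynamic PAT).
        Returns the 4-tuple a capture on the DMZ interface would show."""
        server = self.static_nat.get(dst_ip)
        if server is None:
            return None             # no translation for that address: dropped
        pat_port = self.next_pat_port
        self.next_pat_port += 1
        # Key the entry by the reply packet we expect back from the server and
        # remember the original outside addresses so the reply can be restored.
        self.xlate[(server, dst_port, self.dmz_if_ip, pat_port)] = (src_ip, src_port, dst_ip, dst_port)
        return (self.dmz_if_ip, pat_port, server, dst_port)

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        """DMZ -> outside. Only a reply matching an xlate entry is forwarded; its
        addresses are swapped back to the original public ones. Anything else is
        dropped, which is why a stale or missing entry breaks return traffic."""
        orig = self.xlate.get((src_ip, src_port, dst_ip, dst_port))
        if orig is None:
            return None             # no state for this flow: dropped
        o_src, o_sport, o_dst, o_dport = orig
        return (o_dst, o_dport, o_src, o_sport)


def fmt(flow):
    """Render a 4-tuple the way a tcpdump-style capture line shows it."""
    return "%s.%d > %s.%d" % flow


if __name__ == "__main__":
    fw = NatFirewall("192.168.1.1", {"203.0.113.10": "192.168.1.20"})
    client = ("198.51.100.5", 40000, "203.0.113.10", 443)
    dmz_view = fw.inbound(*client)
    print("outside capture:", fmt(client))       # real public addresses
    print("dmz capture:    ", fmt(dmz_view))     # DMZ interface as source
    reply = (dmz_view[2], dmz_view[3], dmz_view[0], dmz_view[1])
    print("dmz capture:    ", fmt(reply))        # server answers the DMZ interface
    print("outside capture:", fmt(fw.outbound(*reply)))  # restored from xlate
```

Running it shows the DMZ-side capture never carries the public client address, while the outside-side capture of the same flow does; the xlate entry is what links the two.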