natting please help

Unanswered Question
Jul 10th, 2009

hi there

When traffic from outside the firewall comes into my DMZ and gets NATted, am I right in saying that the source address from outside does not change? For some reason, when I do a packet capture on the DMZ net server, I always see the source as the DMZ interface and the destination as the server. In that case, when the traffic goes back to the destination, how does it know where to go? I would expect the source to be kept intact, or would it get changed to the firewall interface? How does it know where to send it back to? Would this be in the state table?

Giuseppe Larosa Sat, 07/11/2009 - 00:46

Hello Carl,

When you do a packet capture in the DMZ, you should see the source MAC of the DMZ interface of the firewall.

At layer 3 the source IP should still be the original IP address as seen on the outside.

If not, it means the FW is configured for a form of double NATting or TCP intercept, and in that case yes, the state table is used to understand how to send back an answer.

Hope to help
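
An added example, not part of the original posts: a toy Python model of the state-table lookup described in the reply above, comparing destination NAT only (client source kept) with double NAT (server sees the DMZ interface). The class `Firewall`, the helper `roundtrip`, the port pool and all addresses are assumptions constructed for illustration, not any vendor's implementation.

```python
# Added illustration: toy model of a stateful firewall NATing inbound traffic.
# All addresses are constructed (documentation/private ranges).
from typing import NamedTuple, Optional

class Packet(NamedTuple):
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int

class Firewall:  # hypothetical class, not a vendor API
    def __init__(self, public_ip, server_ip, dmz_if_ip, source_nat):
        self.public_ip, self.server_ip = public_ip, server_ip
        self.dmz_if_ip, self.source_nat = dmz_if_ip, source_nat
        self.state = {}          # reply 4-tuple -> original client (ip, port)
        self.next_port = 40000   # assumed pool for translated source ports

    def inbound(self, pkt: Packet) -> Packet:
        """Outside -> DMZ: rewrite destination; with source_nat also the source."""
        if pkt.dst_ip != self.public_ip:
            raise ValueError("not addressed to the published server IP")
        if self.source_nat:      # "double NAT": server sees the DMZ interface
            src = (self.dmz_if_ip, self.next_port)
            self.next_port += 1
        else:                    # destination NAT only: client IP kept intact
            src = (pkt.src_ip, pkt.src_port)
        out = Packet(src[0], src[1], self.server_ip, pkt.dst_port)
        # Key the entry by what the server's reply will look like.
        self.state[(out.dst_ip, out.dst_port, out.src_ip, out.src_port)] = (
            pkt.src_ip, pkt.src_port)
        return out

    def reply(self, pkt: Packet) -> Optional[Packet]:
        """DMZ -> outside: use the state entry to restore the real client."""
        client = self.state.get((pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port))
        if client is None:
            return None          # no matching connection: dropped
        return Packet(self.public_ip, pkt.src_port, client[0], client[1])

def roundtrip(fw: Firewall, client_ip: str, client_port: int):
    """Return (packet the server captures, reply as it leaves the outside)."""
    seen = fw.inbound(Packet(client_ip, client_port, fw.public_ip, 443))
    back = fw.reply(Packet(seen.dst_ip, seen.dst_port, seen.src_ip, seen.src_port))
    return seen, back
```

With `source_nat=True`, two clients that use the same source port are told apart only by the translated port recorded in the state entry, which is why the server's capture alone cannot identify the real client.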


