How to check if server is behind a firewall or not.

mahesh18
Level 6

Hi Everyone,

For one of our customer remote sites I need to open some specific ports between the servers.

For this I need to configure the ACL on the firewalls.

Say Source is 192.168.50.x

Source is 172.16.10.x

Source is 172.30.50.x

Destination is 172.16.10.x

I do not know the detailed network topology at the remote site.

I know the servers' default gateway, and traffic from the source server to the destination goes via a few firewalls.

Need to confirm: if I need to track which firewalls the traffic flows through from the source to the destination server, is the best way to remote in to the server gateway, do the sh ip route 172.16.10.x, and check whether the next hop device is a firewall or not?

Also, in some cases the source and destination servers have the same subnet, so in this case I can assume no ACL is needed as they are behind the same network?

Regards

Mahesh

Accepted Solutions

Marvin Rhoads
Hall of Fame

Mahesh,

If your remote partner is using the same private network addressing as you (172.16.10.0 network) then you will have to use some NAT to change how they appear to your sources. Otherwise they won't be able to distinguish the path to "your" 172.16.10.0 subnet from "theirs". You will also have to NAT your sources in the 172.16.10.0 network to appear as something else to them or else they will have the same problem.

There are a couple of good external sites with examples of how this works. Please refer to this packetu.com posting and this packetpushers one.
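
The address overlap described in this answer can be checked before any ACL or NAT rule is written. The following is an added example, not part of the original thread: it flags which source prefixes collide with the destination and picks same-size translated prefixes for both sides. The /24 masks and the 10.250.0.0/16 pool are assumptions, since the thread gives neither.

```python
import ipaddress

# Prefixes from the thread; the /24 masks are an assumption (the post only says ".x").
SOURCES = ["192.168.50.0/24", "172.16.10.0/24", "172.30.50.0/24"]
DESTINATION = "172.16.10.0/24"
# Hypothetical unused range to take translated prefixes from (constructed value).
NAT_POOL = "10.250.0.0/16"


def find_overlaps(sources, destination):
    """Return the source prefixes whose address space collides with the destination."""
    dst = ipaddress.ip_network(destination)
    return [s for s in sources if ipaddress.ip_network(s).overlaps(dst)]


def plan_twice_nat(sources, destination, pool):
    """Choose a same-size mapped prefix for each colliding local net and for the remote net."""
    dst = ipaddress.ip_network(destination)
    taken = [ipaddress.ip_network(s) for s in sources] + [dst]

    def allocate(net):
        # First pool subnet of the same length that collides with nothing in use.
        for cand in ipaddress.ip_network(pool).subnets(new_prefix=net.prefixlen):
            if not any(cand.overlaps(t) for t in taken):
                taken.append(cand)
                return cand
        raise ValueError(f"pool {pool} has no free /{net.prefixlen}")

    overlapping = find_overlaps(sources, destination)
    if not overlapping:
        return {}  # address spaces are distinct: plain routing, no NAT needed
    plan = {f"local {s}": str(allocate(ipaddress.ip_network(s))) for s in overlapping}
    plan[f"remote {destination}"] = str(allocate(dst))
    return plan


def translate(addr, original, mapped):
    """Static 1:1 translation: keep the host bits, swap the network bits."""
    orig, new = ipaddress.ip_network(original), ipaddress.ip_network(mapped)
    ip = ipaddress.ip_address(addr)
    if ip not in orig:
        raise ValueError(f"{addr} is not inside {original}")
    return str(new.network_address + (int(ip) - int(orig.network_address)))


if __name__ == "__main__":
    for side, mapped in plan_twice_nat(SOURCES, DESTINATION, NAT_POOL).items():
        print(f"{side} -> appears as {mapped}")
```

Firewall ACLs then have to be written against whichever form of the address (original or translated) each firewall sees at its position in the path.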
