RE: fun problem - possibly not possible

["Paul Melson" <pmelson () gmail com>]

-----Original Message-----
Subject: Re: [fw-wiz] fun problem - possibly not possible

> If I follow the instruction/diagram correctly, the problem here is that
both the sprayer and 
> the destination host are on the same network, on the same firewall
interface, all configured 
> with private IPs and public NAT addresses.

What protocol(s) are you using Network Dispatcher for?  I'm not sure I
understand why 1) Network Dispatcher has to reference the other servers by
their public addresses and not their DMZ addresses and 2) why you've got the
firewall doing NAT for the servers you're trying to load balance with
Network Dispatcher.


> The sprayer can't ping the hosts it's listening for by their public IP
addresses, get an 
> error concerning NATs. Add an alias for those IPs on that DMZ interface,
get an arror about 
> routes...

If you were doing this with almost anything other than a PIX, this would
probably work the way you have it configured.  But since a PIX won't route
or NAT across the same interface, it doesn't work.  That said, I don't think
you need it configured that way in order for this to work.

PaulM




_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards