[ previous ] [ next ] [ threads ]
 From:  "Chad R. Larson" <clarson at eldocomp dot com>
 To:  "ian351c at cox dot net" <ian351c at cox dot net>
 Cc:  "m0n0wall at lists dot m0n0 dot ch" <m0n0wall at lists dot m0n0 dot ch>
 Subject:  Re: [bayes] Re: [m0n0wall] ipf and IPSEC
 Date:  Sun, 4 Jan 2004 20:05:22 -0700
At 04:19 PM 1/1/2004, Ian Cartwright wrote:
>That's good news. Are you NATing all of your outbound traffic through your 
>m0n0wall box per chance?

Sorry for the late reply.  My anti-spam quarantined your mail for some reason.

No, I am not NATing my outbound.  My private address space (192.168.8.x) 
runs around on the company network just fine, and our default router knows 
to send outbound traffic for those addresses down the tunnel.

The encryption domain endpoints are the m0n0wall here and the Checkpoint 
there.  The checkpoint box =does= NAT the company's private addresses 
(172.20.x.x) to our class C public address space (205.259.99.x), so I can 
get to only those machines we've chosen to have a public presence.  All 
those machines are either in our DMZ or NATed through the firewall's 
interface on said DMZ.

There is an external firewall (currently closedBSD, soon to be m0n0wall) 
between AT&T (our bandwidth provider) and our DMZ.

So, my office appears to be two hops away from my home machines.  A 
traceroute shows my m0n0wall, the Checkpoint and then the target 
machine.  The tunnel actually goes through about 11 hops, but who cares?  I 
get about 70ms round trip times.

Chad R. Larson (CRL22)    chad at eldocomp dot com
   Eldorado Computing, Inc.   602-604-3100
      5353 North 16th Street, Suite 400
        Phoenix, Arizona   85016-3228


This message is intended for the sole use of the individual and entity to whom it is addressed, and
may contain information that is privileged, confidential and exempt from disclosure under applicable
law. If you are not the intended addressee, nor authorized to receive for the intended addressee,
you are hereby notified that you may not use, copy, disclose or distribute to anyone the message or
any information contained in the message. If you have received this message in error, please
immediately advise the sender by reply email, and delete the message. Thank you.