At 04:19 PM 1/1/2004, Ian Cartwright wrote:
>That's good news. Are you NATing all of your outbound traffic through your
>m0n0wall box per chance?
Sorry for the late reply. My anti-spam quarantined your mail for some reason.
No, I am not NATing my outbound. My private address space (192.168.8.x)
runs around on the company network just fine, and our default router knows
to send outbound traffic for those addresses down the tunnel.
The encryption domain endpoints are the m0n0wall here and the Checkpoint
there. The checkpoint box =does= NAT the company's private addresses
(172.20.x.x) to our class C public address space (205.259.99.x), so I can
get to only those machines we've chosen to have a public presence. All
those machines are either in our DMZ or NATed through the firewall's
interface on said DMZ.
There is an external firewall (currently closedBSD, soon to be m0n0wall)
between AT&T (our bandwidth provider) and our DMZ.
So, my office appears to be two hops away from my home machines. A
traceroute shows my m0n0wall, the Checkpoint and then the target
machine. The tunnel actually goes through about 11 hops, but who cares? I
get about 70ms round trip times.
Chad R. Larson (CRL22) chad at eldocomp dot com
Eldorado Computing, Inc. 602-604-3100
5353 North 16th Street, Suite 400
Phoenix, Arizona 85016-3228
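To make the topology described above concrete, here is an added example (not code from the post, m0n0wall or Checkpoint) that models the policy: home traffic enters the tunnel un-NATed only when the destination is in the remote encryption domain, and the office side only forwards to hosts with a static NAT mapping. The subnets, the NAT table and the public range (a documentation prefix standing in for the company's class C) are constructed assumptions.

```python
from ipaddress import ip_address, ip_network

# Constructed topology modelled on the post; the public range is a
# placeholder documentation prefix, not the poster's real address space.
HOME_LAN = ip_network("192.168.8.0/24")
OFFICE_PRIVATE = ip_network("172.20.0.0/16")
OFFICE_PUBLIC = ip_network("203.0.113.0/24")   # stands in for the company's class C

# Static NAT on the Checkpoint: only these hosts have a public presence (assumed).
STATIC_NAT = {
    ip_address("172.20.1.10"): ip_address("203.0.113.10"),
    ip_address("172.20.1.11"): ip_address("203.0.113.11"),
}
PUBLIC_TO_PRIVATE = {pub: priv for priv, pub in STATIC_NAT.items()}

# Encryption domain of the tunnel: home LAN <-> office public range.
SPD = [(HOME_LAN, OFFICE_PUBLIC)]

def home_egress(src, dst):
    """How the m0n0wall (home side) treats a packet leaving the home LAN."""
    src, dst = ip_address(src), ip_address(dst)
    if src not in HOME_LAN:
        return "drop"
    for local, remote in SPD:
        if src in local and dst in remote:
            return "tunnel"  # ESP to the Checkpoint; source address kept (no NAT)
    return "internet"  # ordinary routed traffic, not part of the tunnel

def office_ingress(src, dst):
    """What the Checkpoint does with a decrypted packet arriving from the tunnel."""
    src, dst = ip_address(src), ip_address(dst)
    if src not in HOME_LAN:
        return "drop"  # source outside the encryption domain
    target = PUBLIC_TO_PRIVATE.get(dst)
    if target is None:
        return "unreachable"  # no public presence, so no NAT mapping to follow
    return f"forward to {target}"

def reach(src, dst):
    """End-to-end verdict for a home host trying to reach an office address."""
    verdict = home_egress(src, dst)
    if verdict != "tunnel":
        return verdict
    return office_ingress(src, dst)
```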