Forwarding another host

[Rodrique Heron]

On 1/12/08, David DeSimone <fox at verio.net> wrote:
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Rodrique Heron <swygue at rodhouse.org> wrote:
> >
> > Yep! I understand perfectly, now is there anything I can do on the pix
> side
> > to allow the traffic back to HOST-A ?
>
> This seems the wrong question to ask.
>
> Shouldn't you instead be wondering, how can you get the PIX to forward
> connections to HOST-B instead of to HOST-A?  The PIX is a full firewall
> with NAT features, so it can perform the NAT instead of your BSD box,
> and since it is the default gateway for return traffic, will have no
> trouble applying the translation in both directions.
>
> I realize this is a FreeBSD mailng list, but you should go for the
> simplest solution, because complex solutions tend to fail in complex
> ways.


You are right, I'm looking into that since I don't know much about the PIX.

- --
> David DeSimone == Network Admin == fox at verio.net
> "This email message is intended for the use of the person to whom
> it has been sent, and may contain information that is confidential
> or legally protected.  If you are not the intended recipient or have
> received this message in error, you are not authorized to copy, dis-
> tribute, or otherwise use this message or its attachments.  Please
> notify the sender immediately by return e-mail and permanently delete
> this message and any attachments.  Verio, Inc. makes no warranty that
> this email is error or virus free.  Thank you."  --Lawyer Bot 6000
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.1 (GNU/Linux)
>
> iD8DBQFHiGrbFSrKRjX5eCoRAma/AJwJUY1t0WL7C0b1S5M+IDAvFdODTwCdGcH/
> nVtNURikbji5A9RMtPI3DoE=
> =S5sQ
> -----END PGP SIGNATURE-----
> _______________________________________________
> freebsd-pf at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-pf
> To unsubscribe, send any mail to "freebsd-pf-unsubscribe at freebsd.org"
>