Prevent use of NAT behind my firewall

Dear All,

I have a customer behind my firewall, which DNATs one public IP address for him to his private IP address.
I want to prevent him from using a NAT server and sharing the IP address that I deliver to him.
How can I restrict him?

Thank you.
Ashakn


This thread was automatically locked due to age.
  • How would you restrict him if you weren't giving him a public IP?

    Maybe you could use network accounting to check the use of your bandwidth.

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • I don't think there is a way to automatically block it, but there are many ways to detect it.

    Googling for "detect NAT" gets lots of results; some of the more interesting ones are:
    a. using p0f to detect multiple OSes or different OS versions.

    b. using a sniffer to detect multiple browsers
    zoltan's blog: Detect NAT using browser identification
    ngrep would be better for this than tcpdump, btw.
    (both ngrep and tcpdump are available on the Astaro console)

    Barry
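
The browser-identification check from the reply above, as an added example that is not part of the original thread: it reads text in the style of `ngrep -q -W byline` output and counts distinct OS platform tokens in the User-Agent headers seen from each source address. The sample capture, addresses, function names and threshold are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in the style of `ngrep -q -W byline` output (not a real
# capture). In byline mode the CR ending each header line is printed as ".".
SAMPLE = """\
T 10.1.1.20:49152 -> 198.51.100.7:80 [AP]
GET / HTTP/1.1.
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/115.0.
.
T 10.1.1.20:49153 -> 198.51.100.7:80 [AP]
GET /a HTTP/1.1.
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/115.0.
.
T 10.1.1.30:50000 -> 198.51.100.7:80 [AP]
GET / HTTP/1.1.
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/115.0.
.
T 10.1.1.30:50001 -> 198.51.100.7:80 [AP]
GET /c HTTP/1.1.
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0 Safari/537.36.
.
"""

HEADER = re.compile(r"^T (\d+\.\d+\.\d+\.\d+):\d+ -> ")   # packet line: source ip:port
UA = re.compile(r"^User-Agent:\s*(.+?)\.?$", re.IGNORECASE)
# First token inside the first parentheses, e.g. "Windows NT 10.0" or "X11".
PLATFORM = re.compile(r"\(([^;)]+)")

def platforms_by_source(text):
    """Map each source IP to the set of OS platform tokens seen in its User-Agents."""
    seen = defaultdict(set)
    src = None
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            src = m.group(1)          # remember which host sent the next payload
            continue
        m = UA.match(line)
        if m and src:
            p = PLATFORM.search(m.group(1))
            seen[src].add(p.group(1).strip() if p else "unknown")
    return seen

def likely_nat(text, min_platforms=2):
    # One PC running two browsers shares a platform token, so it is not flagged;
    # several platforms behind one address suggests several machines.
    return sorted(ip for ip, plats in platforms_by_source(text).items()
                  if len(plats) >= min_platforms)
```

This only sees unencrypted HTTP, and virtual machines or spoofed User-Agents can produce the same pattern, so treat a hit as a lead to confirm with p0f or network accounting.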