If I follow the instruction/diagram correctly, the problem here is
that both the sprayer and the destination host are on the same
network, on the same firewall interface, all configured with private
IPs and public NAT addresses.

The sprayer can't ping the hosts it's listening for by their public IP
addresses, get an error concerning NATs. Add an alias for those IPs on
that DMZ interface, get an arror about routes...

On 3/23/06, Paul Melson wrote:
> -----Original Message-----
> Subject: [fw-wiz] fun problem - possibly not possible

> Use static NAT for the address/alias where Network Dispatcher Advisors ar=

> bound and listening. Then use access-lists to allow the traffic to the
> static NAT address that you want to allow from other networks.
> In the following example, the address you would want to NAT for is 9.9.10=

> http://www.samag.com/documents/s=3D1...f/0106f_f1.htm
> PaulM

firewall-wizards mailing list