Archive for August, 2011

weekend de rasfat

Posted: August 7, 2011 in personal
Tags: ,

De ce? Pentru ca am pornit-o de sambata dimineata: Starbucks de dimineata, shopping, film cu 2 prieteni buni, mers la deschiderea stadionului Lia Manoliu cu alt prieten. Apoi cina la Ali Baba cu prietenul de mai sus si sotia lui. – pictures to come

For ze record: I absolutely love Ali Baba (specially the desert called Ali Baba nights) – pictures to come

Narghilea si povesti pana la 1 noaptea la Shisha Caffe 8->

Somn

Duminica dimineata: Starbucccksss 😀 apoi pranz la Don Corleone, vizitat animalutzele de la Zoo (loved ze python 😀 – ze animal, not the scripting language 😛 ), apoi bagat Geol la “Lente” – impreuna cu prietenii de la care asteptam si pozele.

Ca Niciodata! Un weekend linistit Acasa, cu tiranul si cu prietenii. Nu munca, nu travel, doar lenevit, mancat chestii bune, plimbat, shopping, film, joaca, tinut in brate 😛

 

Un bine-meritat (zic eu) week-end dupa 1 luna in care am luat la foc automat 2 certificari de security clasificate in primele 10 din lume de mai multe topuri! 😀

Feel like doing something good with my life, and enjoying it at the same time.

/Me happy

Advertisements

I believe this is how it works, at least partially. Could not find this information anywhere online, only got partial responses, that don’t actually cover all the cases. Not to mention, all the aspects on where exactly in the FW engines the NAT actually happens:

===========================================================================
Automatic NAT: 
- Static NAT
> 2 NAT rules are automatically created:
>> A source translation where translates the source between the original and
 the NAT address.
>> A destination translation where translates the destination between the
NAT and the original address.
> creates proxy ARP
 -- Translate on Client Side ON
> translates on Inbound, after VM, before routing, on interface I
> don't need anymore routes
-- Translate on Client Side OFF
> translates on Outbound, after routing, after VM, on interface O
> add route from public IP to private IP

- Hide NAT (as this is also "automatic" only works with public IP from FW interface)
> creates proxy ARP
 -- Translate on Client Side ON
> translates on Inbound, after VM, before routing, on interface I
> no more routes needed

 -- Translate on Client Side OFF
> translates on Outbound, after routing, after VM, on interface O
> no more routes needed
 ===========================================================================
Manual NAT:
- Static NAT
 -- Translate on Client Side ON
> add ARP entries to the FW for all hiding IPs
> no additional routes needed
> translates on Inbound, after VM, before routing, on interface I

 -- Translate on Client Side OFF
> add ARP entries to the FW for all hiding IPs
  --- Hiding IP in same subnet as FW external Interface
> add route from public IP to private IP
  --- Hiding IP in different subnet as FW external Interface
> add route from public IP to private IP: next hop: private IP

- Hide NAT
 -- Translate on Client Side ON
  --- Hiding IP in same subnet as FW external Interface
> no ARP changes needed
> no additional routes needed
> translates on Inbound, after VM, before routing, on interface I

  --- Hiding IP in different subnet as FW external Interface
> add ARP entry to the FW for the hiding IP
> translates on Inbound, after VM, before routing, on interface I
> routes ? 

 -- Translate on Client Side OFF
  --- Hiding IP in same subnet as FW external Interface
> add route from public IP to private IP
> translates on Outbound, after routing, after VM, on interface O

  --- Hiding IP in different subnet as FW external Interface
> add route from public IP to private IP: next hop: private IP
> translates on Outbound, after routing, after VM, on interface O
===========================================================================
CopyRight: CheckPoint
===========================================================================
Do Manual NAT when:
- Instances where remote networks only allow specifci IP addresses
- Situations where translation is desired for some services, and not others
- Environments where more granular control of address translation in VPN tunnels is needed
- Enterprises where address translation rule base must be manipulated
- When Port Address Translation is required
- Environments where granular control of address translation between internal networks is required
- When a range of IP addresses, rather than a network, will be translated

Recently I am thinking about PoisonBlack, specifically. The only song of theirs that I actually like is Rush. I haven’t listened to all of them, because I simply did not have the patience to do that!

Man, Love InfernalMercury Falling…what’s up with that CRAP? My feeling is that they are trying to resemble HIM. Now, I know HIM is a big hit and everything, but most of HIM’s songs sound all the same. A PoisonBlack sounding like HIM, but not being HIM just does not make any freaking sense!

The saddest part of the story is that I actually LOVE Sentenced.

The Sentenced vocal, Ville Laihiala, is now the vocal of PoisonBlack. Unfortunately, Sentenced dissolved in 2006, after Miika Tenkula’s death. Miika Tenkula was writing most of the Sentenced songs – and boy, they were SUPER!

Now, if I am to go to a concert, hoping to listen to …at least _something_ that sounds like Sentenced, I have nowhere to go. I wish PoisonBlack were more like Sentenced, but only Rush sounds good, as far as I can tell so far. If only Miika were still alive! He would continue to write cool songs, and boring PoisonBlack band will have never been invented.

For those who like to listen to Sentenced, take a look at the following live concert, from my YouTube Playlist: http://www.youtube.com/watch?v=sOetxT3nMnU&feature=mh_lolz&list=PL24B495A465BFABF1