NETWORK PRESENCE ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT
 


Search
display results
words begin  exact words  any words part 

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [FW1] pcAnywhere from a 'hide' NAT'ed network



Some services can't be used with port address translation.

You can setup an ip on the outside of the firewall, put an entry in the
local.arp file,
define a static route to route traffic to the proper interface where the
server can
be reached and define a static nat rule which preserves the "service"
number.
The NAT rule/s will actually require one for egress traffic to hide the
source address and
an ingress rule to fixup the destination address to the real address of the
server.

Probably have to do this on both sides, and define some rules in your
rulebase to
only allow PCAW traffic to flow between specific endpoints.

Works for me.

This stuff is covered pretty well at phoneboy.com or in the PDF doc from
checkpoint.


----- Original Message -----
From: "John Hahn" <[email protected]>
To: <[email protected]>
Cc: <[email protected]>
Sent: Tuesday, September 19, 2000 9:32 AM
Subject: [FW1] pcAnywhere from a 'hide' NAT'ed network


>
> Hi All,
>
> I'm not sure if this if a pcAnywhere question or just a 'hide' NAT
question.
>
> I have an external network (A.B.C.D/24 {a division of my parent company,
> connected via Frame Relay to my site})that I 'hide' behind a NAT entry of
> (W.X.Y.Z/32). Folks in the A.B.C.D network are trying to use pc/Anywhere
to
> access a few servers that they built and maintain, and live within my
> building.
>
> The NAT rule converts the 'source' port from pcAnywhere's 5631 to port
10000
> (or above). The pcAnywhere running on the servers in my building don't
seem
> to know how to respond to incoming packets with a source port of 10000+.
>
> I've also seen this with other services going through a 'hide' NAT. FW
v4.0
> SP4, running on a Nokia platform w/ IPSO 3.2
>
> Any ideas would be appreciated.
>
> John E. Hahn
> [email protected]
>
>
> ______________________________________________
> FREE Personalized Email at Mail.com
> Sign up at http://www.mail.com/?sr=signup
>
>
>
>
============================================================================
====
>      To unsubscribe from this mailing list, please see the instructions at
>                http://www.checkpoint.com/services/mailing.html
>
============================================================================
====



================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================



 
----------------------------------

ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT SITE MAP LEGAL
   All contents � 2003 Network Presence, LLC. All rights reserved.