
RE: [FW1] NAT and DMZ routing



You don't say if you have routes on your internet router to the dmz servers
with the firewall as your gateway.  Not having those routes would give you
the problem you are describing.
 
Hal
 

Hal Dorsman
Data Network Engineer
Blackfoot Telephone Cooperative
Missoula, Montana, USA
[email protected]

-----Original Message-----
From: Rob Michayluk [mailto:[email protected]]
Sent: Friday, September 22, 2000 2:17 PM
To: '[email protected]'; Rob Michayluk; [email protected]
Subject: RE: [FW1] NAT and DMZ routing

I've already done all of this and it's still not working properly.
I can even ping my firewall's external interface from the web server, but I can't get out to the internet on it.
Nor can anything on the internet access my webserver.
-----Original Message-----
From: [email protected] [mailto:[email protected]]
Sent: September 22, 2000 12:33
To: Rob Michayluk; [email protected]
Subject: Re: [FW1] NAT and DMZ routing

You have to create an entry in local.arp for the outside IP address of the webserver and the MAC of your outside interface.
You then need to create a static route entry for that IP to the IP of the firewall-1 interface on your DMZ leg.
You then need to define a static NAT translation rule to change IP of webserver to the DMZ/outside IP depending on direction of traffic.
 
You can do the same for inside leg if you want your bastion accessible from your localnets.
----- Original Message -----
Sent: Friday, September 22, 2000 2:52 PM
Subject: [FW1] NAT and DMZ routing

Hi there,

I am having a problem with the DMZ setup that I am trying to implement and I hope to borrow some of everyone's expertise to help me solve this.

I have a FW-1 4.1 sp2 running on a Winnt 4.0 sp5 box. It has 3 interfaces:
External: Routable Address
Internal: 192.168.0.1 (255.255.255.0) (Hide NAT to the external address of the firewall)
DMZ: 172.16.0.1 (255.255.0.0)

I have a web server in the DMZ (172.16.0.5) and it's NATed to a static routable address.
I can hit the web server from both the firewall itself and the internal network but I cannot access it from the internet.

The ruleset is any any any accept and I don't see any drops or rejects in the logs at all. I've turned on every scrap of logging I could find. I've created an entry in the local.arp file (translated address to external MAC of the firewall) and added a persistent static route from the translated address to the internal address for the web server.

Is there something that I'm totally missing?
All help is greatly appreciated!


Rob Michayluk
Computing Network Services
ACD Systems Ltd.
[email protected]
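The replies above name the pieces a statically NATed DMZ server depends on: a local.arp entry, a host route on the firewall, and (Hal's point) a route on the Internet router. The following checker for the ARP and routing pieces is an added example, not part of the original thread or of FireWall-1. The function names, the one "IP MAC" pair per line layout assumed for local.arp, and every public address and MAC are assumptions or constructed sample values; only 172.16.0.1/16 and 172.16.0.5 come from the thread.

```python
import ipaddress

def _mac(m):
    """Normalize a MAC so 00:A0:... and 00-a0-... compare equal."""
    return m.lower().replace(":", "-")

def parse_local_arp(text):
    """Parse 'IP MAC' lines (assumed local.arp layout) into {ip: mac}."""
    entries = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) >= 2 and not parts[0].startswith("#"):
            entries[str(ipaddress.ip_address(parts[0]))] = _mac(parts[1])
    return entries

def check_static_nat(public_ip, real_ip, ext_if, dmz_if, ext_mac,
                     arp, fw_host_routes, router_routes):
    """Return the missing prerequisites for one statically NATed server.

    ext_if / dmz_if : firewall interfaces as 'address/prefix'
    fw_host_routes  : {destination: gateway} host routes on the firewall
    router_routes   : {destination: next hop} routes on the Internet router
    """
    pub = ipaddress.ip_address(public_ip)
    ext = ipaddress.ip_interface(ext_if)
    dmz = ipaddress.ip_interface(dmz_if)
    findings = []
    if pub in ext.network:
        # The router ARPs for the public address on the external segment,
        # so the firewall has to answer with its own external MAC.
        if arp.get(str(pub)) != _mac(ext_mac):
            findings.append("local.arp: public IP not mapped to external MAC")
    elif router_routes.get(str(pub)) != str(ext.ip):
        # Off-segment address: proxy ARP cannot help, the router needs a route.
        findings.append("router: no route to public IP via the firewall")
    gw = fw_host_routes.get(str(pub))
    if gw is None or ipaddress.ip_address(gw) not in dmz.network:
        findings.append("firewall: no host route for public IP into the DMZ")
    if ipaddress.ip_address(real_ip) not in dmz.network:
        findings.append("real server IP is outside the DMZ network")
    return findings

# Constructed sample: 203.0.113.0/24 stands in for the routable external range.
SAMPLE_LOCAL_ARP = "203.0.113.10 00-A0-C9-12-34-56\n"

if __name__ == "__main__":
    arp = parse_local_arp(SAMPLE_LOCAL_ARP)
    print(check_static_nat("203.0.113.10", "172.16.0.5", "203.0.113.2/24",
                           "172.16.0.1/16", "00:a0:c9:12:34:56", arp,
                           {"203.0.113.10": "172.16.0.5"}, {}))
```

An empty list means the ARP and routing prerequisites are in place; the static NAT rule itself still has to be checked in the FireWall-1 rule base.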



 