Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [FW1] Hiding multiple servers behind 1 IP address

To: [email protected], [email protected]
Subject: RE: [FW1] Hiding multiple servers behind 1 IP address
From: [email protected]
Date: Thu, 5 Oct 2000 21:34:28 -0400
Cc: [email protected]
Sender: [email protected]

Hide mode only allows access out. You cannot initiate a connection outside
the firewall to an internal host when using Hide NAT. 
The user is looking for the firewall to forward packets to a defined server
when destined for the same address, and deciding that address by looking at
the destination port number.

Not a good solution.

Thomas Poole

-----Original Message-----
From: Jason Witty [mailto:[email protected]]
Sent: Thursday, October 05, 2000 1:28 PM
To: [email protected]
Cc: [email protected]
Subject: Re: [FW1] Hiding multiple servers behind 1 IP address



It's called hide-mode NAT in FW-1.  An example NAT rule would look like
this (obviously you need an access rule as well):

ORIGINAL PACKET			NATted PACKET
SOURCE		DEST		SOURCE		DEST
internal-net	ANY		hide-addr	ORIG

Hope this helps.

Jason

Todd Ginther wrote:
> 
> Hello All,
> 
> I haven't seen a FW-1 solution to something that I currently do with
another firewall product - that is to be able to advertise a single IP out
to the world (firewall external interface) and have the firewall direct
inbound Internet traffic to different internal servers based soley on which
port the firewall gets hit on.
> 
> Example:
> 
>   -Advertised IP address is abc.123.123.1
> 
>   -Traffic hits abc.123.123.1:18000 gets redirected
>    to an internal server, machine alpha.
> 
>   -Traffic hits abc.123.123.1:19500 gets redirected
>    to a different internal server, machine beta.
> 
> Any ideas?  I would prefer not to have to use up a bunch of IP's to do
one-to-one NAT.
> 
> Thanks in advance, all!
> 
> Regards,
> 
> -Todd
> 
> _____________________________________________________________
> Want a new web-based email account ? ---> http://www.firstlinux.net
> 
>
============================================================================
====
>      To unsubscribe from this mailing list, please see the instructions at
>                http://www.checkpoint.com/services/mailing.html
>
============================================================================
====


============================================================================
====
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
============================================================================
====


================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

Prev by Date: RE: [FW1] W2k beta GUI client ?
Next by Date: RE: [FW1] where do I get sp5?
Previous by thread: Re: [FW1] Hiding multiple servers behind 1 IP address
Next by thread: [FW1] where do I get sp5?
Index(es):
- Date
- Thread