|
|
|
|
|
|
|
|
 |
 |
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] RE: [FW1] how to configure a virtual IP for a host behind the FW
Tong, You state your policy allows all packets through, and so the "route table issue" is not a problem. Unless you are using a Nokia appliance, you will still need to tell the IP stack to route the packet through to the correct network (routing happens prior to translation). route add [wss_virtual] mask 255.255.255.255 gateway [wss_real] And also include the wws_virtual in the valid addresses for the spoofing on the DMZ network interface. This assumes that you are seeing the packet getting to the firewall logs and that you can see the translation is happening. If not, then you probably have an ARPing issue, but it isn't clear how you have set up the virtual IP. Paul -----Original Message----- From: Sim, CT (Chee Tong) [mailto:[email protected]] Sent: 11 October 2000 08:34 To: '[email protected]'; '[email protected]' Cc: '[email protected]' Subject: [FW1] how to configure a virtual IP for a host behind the FW Hello.. Dear Friends, I really need your helps. We want to create a virtual IP for a host in the DMZ zone. Let me tell you FW setting first. Interface 1 : LOCAL net IP(A):57.200.165.10 and IP(B):57.200.165.20 Interface 2 : DMZ net IP(C):10.168.165.1 Interface 3 : Untrusted (not important) We have a WSS host sitting on the DMZ zone IP(D):10.168.165.1, and it is directly connected to (C) Our requirement: We need to PCAnywhere from the localnet to the WSS (D) using the virtual IP address on the Firewall interface IP (A), as we don't want to let other people to know WSS real IP. Can it be done? What we had tried: We telnet the target to (A), and for (A) we configured its static NAT to transform to (D). Assume our policy can let every packet pass thru, and ignore route table issue. But what we get is still the firewall, the packet just stop at A and won't carry on to D. Can you help me? How to telnet to D using A's IP What is the configuration like. Thank you very much, Tong -----Original Message----- From: [email protected] [mailto:[email protected]] Sent: Wednesday, October 11, 2000 2:28 PM To: [email protected] Subject: [FW1] Two Routers connected to two different ISP's Hi all, We have two routers connected to two different ISP's. Now we want to consolidate both links bandwidth and route it through the Checkpoint Firewall. We have taken checkping enterprise license. In this case .. 1. Is that I have to use two NIC's on the Firewall and register two IP's with Checkpoint. 2. If I do as I have mentioned in Point 1, is that I have to do Natting from my Internal network to both the external interfaces (two Nics). regs sathish m r ============================================================================ ==== To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ============================================================================ ==== ================================================================== De informatie opgenomen in dit bericht kan vertrouwelijk zijn en is uitsluitend bestemd voor de geadresseerde. Indien u dit bericht onterecht ontvangt wordt u verzocht de inhoud niet te gebruiken en de afzender direct te informeren door het bericht te retourneren. ================================================================== The information contained in this message may be confidential and is intended to be exclusively for the addressee. Should you receive this message unintentionally, please do not use the contents herein and notify the sender immediately by return e-mail. ================================================================== ============================================================================ ==== To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ============================================================================ ==== ----------------------------------------------------------------------------------------------------------------------- This e-mail is intended only for the above addressee. It may contain privileged information. If you are not the addressee you must not copy, distribute, disclose or use any of the information in it. If you have received it in error please delete it and immediately notify the sender. evolvebank.com is a division of Lloyds TSB Bank plc. Lloyds TSB Bank plc, 71 Lombard Street, London EC3P 3BS. Registered in England, number 2065. Telephone No: 020 7626 1500 Lloyds TSB Scotland plc, Henry Duncan House, 120 George Street, Edinburgh EH2 4LH. Registered in Scotland, number 95237. Telephone No:Lloyds TSB Bank plc and Lloyds TSB Scotland plc are regulated by the Personal Investment Authority and represent only the Scottish Widows and Lloyds TSB Marketing Group for life assurance, pensions and investment business. Members of the UK Banking Ombudsman Scheme and signatories to the UK Banking Code. ----------------------------------------------------------------------------------------------------------------------- ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|
||||||||||
 |
 |
 |
 |
 |
 |
 |
 |
 |
|
