NETWORK PRESENCE ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT
 


Search
display results
words begin  exact words  any words part 

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [FW1] how to configure a virtual IP for a host behind the FW



Hi.. Rebecca,

Thanks for your reply, Sorry for disturbing you again. I am not clever enuff
to fully understand your method.  Pls guide me again if you are free,don't
laugh at me if I made any stupid assumption

1)One way of doing this is to assign an IP address on the Local Net for
the WSS machine

You mean we got to assign 57.200.165.X IP to WSS machine, point (D)Is it?
Then what address should I assign the Firewall interface, point (A) that
face to the local net.

which IP is real and which IP is Fake now? 


2)have the firewall ARP that IP address to the machines on the Local Net,

you mean set ARP in the firewall to map "that IP", that IP is refer to WSS
57.198.165.X (WSS) is it?  then map that IP to every machines physical
address on the local net?

How can it be done?  

At last, I would like to ask, what address should we telnet to? Point D or
A? 

    



-----Original Message-----
From: Rebecca Richards [mailto:[email protected]]
Sent: Wednesday, October 11, 2000 4:47 PM
To: Sim, CT (Chee Tong)
Subject: Re: [FW1] how to configure a virtual IP for a host behind the
FW


Hi Tong,

"Sim, CT (Chee Tong)" wrote:

> I really need your helps. We want to create a virtual IP for a host in the
> DMZ zone.  Let me tell you FW setting first.
> 
> Interface 1 : LOCAL net   IP(A):57.200.165.10 and IP(B):57.200.165.20
> Interface 2 : DMZ net     IP(C):10.168.165.1
> Interface 3 : Untrusted (not important)
> We have a WSS host sitting on the DMZ zone IP(D):10.168.165.1, and it is
> directly connected to (C)

Ok.  You want to "hide" the WSS server from those on the Local Net.

One way of doing this is to assign an IP address on the Local Net for
the WSS machine, have the firewall ARP that IP address to the machines
on the Local Net, have a route on the firewall saying "route this fake
IP address to the real WSS address", set up a rule allowing access to
the fake IP from Local Net, and set up static NAT rules to change the
fake IP to the real IP and vice-versa.

> What we had tried: We telnet the target to (A), and for (A) we configured
> its static NAT to transform to (D). Assume our policy can let every packet
> pass thru, and ignore route table issue.  But what we get is still the
> firewall, the packet just stop at A and won't carry on to D. 

==================================================================
De informatie opgenomen in dit bericht kan vertrouwelijk zijn en 
is uitsluitend bestemd voor de geadresseerde. Indien u dit bericht 
onterecht ontvangt wordt u verzocht de inhoud niet te gebruiken en 
de afzender direct te informeren door het bericht te retourneren. 
==================================================================
The information contained in this message may be confidential 
and is intended to be exclusively for the addressee. Should you 
receive this message unintentionally, please do not use the contents 
herein and notify the sender immediately by return e-mail.


==================================================================



================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================



 
----------------------------------

ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT SITE MAP LEGAL
   All contents © 2004 Network Presence, LLC. All rights reserved.