Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [FW1] Nat Confusion

To: "'Rodrick Brown'" <[email protected]>, [email protected]
Subject: RE: [FW1] Nat Confusion
From: "Little, Craig (SSI-GRPO52)" <[email protected]>
Date: Thu, 12 Oct 2000 12:32:51 +1300
Sender: [email protected]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -----Original Message-----
From: Rodrick Brown [mailto:[email protected]]
Sent: Thursday, 12 October 2000 1:05 p.m.
To: [email protected]
Subject: [FW1] Nat Confusion 

>When setting up NAT on cpfw 4.1 say I define my machine web1 with an
>internal ip of 192.168.10.2 and web1-external ip of 208.222.222.2

Sounds OK... I would use a static NAT for this.

>how does my system know to route 208.222.222.2 to 192.168.10.1 ??
>this is what is confusing me I followed the directions on
>phoneboy.com examples but im kind of lost here, for this kind of
>setup do I need to aliases 208.222.222.2 to my Firewall machine ??

What kind of machine? The Nokia allows you to enter static routes
from the Voyager interface, or in Windoze NT you would use 'route add
- -p <target-ip> MASK <mask> <gateway-ip>', etc...

>Sorry for the confusion.

>Im trying to accomplish this:

>www.foobar.com is my webserver its real ip on hme0 is 192.168.10.2
>How can I setup checkpoint to say if some one request a service on
>208.222.222.2 it routes the packet internally to 192.168.10.2

As above, it is a combination of the NAT rule and the routing
information on the gateway.

>Im also having problems when I install my rule my firewall is unable
>to communicate to the outside world what could be cuasing this i
>added the following rule to my security policy but it doesnt seem to
>work as one would think.

>src | des | ser | action | track
>firew any    any   accept   long 

I generally don't allow this, as I don't want people to have access
to the 'net from the firewall. If I need to install a service pack,
hotfix etc. then I do it from an internal machine and burn it to a
CD, and install from that. I use the firewall as a gateway and that
is all.

-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 6.5.3 for non-commercial use <http://www.pgp.com>

iQA/AwUBOeROY4AS1Tpq5ZYvEQLT5wCbBK8cIn3e8p0PMdDrX/xyFB+FrdwAoO0I
z6F0GFxPTM5Cwil2PO7MOPhw
=Gaat
-----END PGP SIGNATURE-----


================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

Follow-Ups:
- RE: [FW1] Nat Confusion
  - From: Rodrick Brown <[email protected]>

Prev by Date: [FW1] Nat Confusion
Next by Date: RE: [FW1] Nat Confusion
Previous by thread: [FW1] Any DECNET FW software?
Next by thread: RE: [FW1] Nat Confusion
Index(es):
- Date
- Thread