Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [FW1] Nat Confusion

To: "'Rodrick Brown'" <[email protected]>, [email protected]
Subject: RE: [FW1] Nat Confusion
From: "Goldoff, Erik" <[email protected]>
Date: Thu, 19 Oct 2000 15:45:40 -0400
Sender: [email protected]

maybe late, sorry, but

1) In NAT tab on workstation object set to static and 208.222.222.2
2) In ARP (presuming NT)  %windir%\FW1\4.1\state\local.arp set IP address of
public address to MAC of FW public interface
3) Set rule in Policy Editor allowing traffic to/from NATted object
4) Set static route (presuming NT) route add -p 208.222.222.2 mask
255.255.255.255 192.168.10.1 (presuming .1 is firewall private)

Erik Goldoff
Systems Manager
The HoneyBaked Ham [email protected]



-----Original Message-----
From: Rodrick Brown [mailto:[email protected]]
Sent: Wednesday, October 11, 2000 8:05 PM
To: [email protected]
Subject: [FW1] Nat Confusion 




When setting up NAT on cpfw 4.1 say I define my machine web1 with an
internal ip of 192.168.10.2 and web1-external ip of 208.222.222.2

how does my system know to route 208.222.222.2 to 192.168.10.1 ??
this is what is confusing me I followed the directions on phoneboy.com
examples but im kind of lost here, for this kind of setup do I need to
aliases 208.222.222.2 to my Firewall machine ??

Sorry for the confusion.

Im trying to accomplish this:

www.foobar.com is my webserver its real ip on hme0 is 192.168.10.2
How can I setup checkpoint to say if some one request a service on
208.222.222.2 it routes the packet internally to 192.168.10.2


Im also having problems when I install my rule my firewall is unable to
communicate to the outside world what could be cuasing this i added the
following rule to my security policy but it doesnt seem to work as one
would think.

src | des | ser | action | track
firew any    any   accept   long 





============================================================================
====
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
============================================================================
====


================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

Prev by Date: Re: [FW1] stopping AOL instant messenger
Next by Date: [FW1] Upgrade from 4.0 to 2000?
Previous by thread: [FW1] More Nat Confusion
Next by thread: RE: [FW1] bloomberg services
Index(es):
- Date
- Thread