RE: [FW1] More Nat Confusion




This looks right to me...  So what is the log telling you?

You don't mention the policy rule or what the log says.  I guess we should
assume an Accept in the logs?

If so, then maybe your problem is with spoofing?  If you are using spoofing,
turn on logging so you can see any rejects generated from this.

Having said that, the external address for the webserver needs to be in the
allowed addresses on the interface connected to the webserver.

Paul.


-----Original Message-----
From: Rodrick Brown [mailto:[email protected]]
Sent: 19 October 2000 00:25
To: Little, Craig (SSI-GRPO52)
Cc: [email protected]
Subject: [FW1] More Nat Confusion



 
This is the setup I'm going for.
I know it's bad; lack of resources =( nothing I can do about it.

   (INTERNET)
        |   206.x network
    [ CPFW1 ]
      \  /
      [hub]
      |   |   192.x network
   [DB1] [WEB1]
    |.......| 10.x network  # Need fast www->db connectivity

Routing Table:
  Destination           Gateway           Flags  Ref   Use   Interface
-------------------- -------------------- ----- ----- ------ ---------
206.65.184.34        192.168.254.101       UGH      0     10

   
I'm trying to test my NAT translation with Check Point here in my office
before we relocate to our CO and go live.

I'm having trouble getting the fw to recognise the web server.
I'm doing the following:

/usr/sbin/route add -host 206.65.184.34 192.168.254.101 
# my webserver external and internal interface. 

/usr/sbin/arp -s 206.65.184.34 08:00:20:d0:e8:68  
# my hme0 on the fw which will be connected to my router

# telnet 206.65.184.34 80 
telnet: unable to connect to remote host: Connection refused

SRC               DES            SER | SRC         DES               SRV
ANY               www1-external  ANY | = Original  (s)web1-internal  = Original
Internal-Network  ANY            ANY | (H)fw1      = Original        = Original

Those are my translation rules. Can anyone help me figure out how to check
this locally?

Right now I have 2 machines that are acting as internet users on the 206.x
interface trying to get to my webserver, but for some reason I'm not able to
connect, not even get to the machine from the firewall itself. Maybe I'm
doing something wrong. Someone please give me a helping hand.





============================================================================
====
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
============================================================================
====
   All contents © 2004 Network Presence, LLC. All rights reserved.