
[FW1] Thank you..



Thank you all for solving my fake address problem. I found the problem
is due to the valid address rule on the firewall DMZ interface.

Thank you so much
Tong
-----Original Message-----
From: Sim, CT (Chee Tong) [mailto:[email protected]]
Sent: Sunday, October 22, 2000 10:42 PM
To: 'Didier Arenzana'; 'Rodney Lacroix'; '[email protected]'
Subject: RE: [FW1] The problem that we have for long time, pls help-picture and explanation attached


Hi.. Thank you very much for your info, I appreciate that. :) However, I want
to check with you about the rules I had implemented; for the rest, I followed
your instructions.

The rules are as follows:
          Source     Des          Service   Action
Rule  9:  Any      55.55.55.200   Any       Accept
Rule 10:  Any      10.10.10.68    Any       Accept

Is that correct?  

But when I ping 55.55.55.200 from my PC 55.55.55.100, it still shows me
destination not reachable. Then I checked the log and found something funny,
as shown:

Int   Origin  Action  Source        Dest          Protocol  Rule  XlateSrc      XlateDst
hme1  Fw      Accept  55.55.55.100  55.55.55.200  ICMP      9     55.55.55.100  10.168.3.68
hme2  Fw      Reject  55.55.55.100  55.55.55.200  ICMP      0     55.55.55.100  10.168.3.68

What is rule 0??  I never specified rule 0, all rules start from 1?  Why does
it reject the something again in rule 0?

Pls clarify me.
Tong

-----Original Message-----
From: Didier Arenzana [mailto:[email protected]]
Sent: Saturday, October 21, 2000 3:01 AM
To: Sim, CT (Chee Tong); 'Rodney Lacroix'; '[email protected]'
Subject: Re: [FW1] The problem that we have for long time, pls help-picture and explaination attached



Hi,

1) ARP. Your ARP entry is correct.

2) NAT Rules.
  You want your 10.10.10.68 Workstation to be seen as 55.55.55.200.
The following will do (static):
Src IP       Dest IP      Serv    Xl Src    Xl Dest
Any          55.55.55.200 Any     Orig      10.10.10.68 (s)
The above means: if a packet arrives with any src ip, a dest ip of
55.55.55.200 to any service, xlate it to its orig src ip, and dest ip
of 10.10.10.68. This rule will be used when any workstation tries to
contact 55.55.55.200.

Src IP       Dest IP     Serv  Xl Src          Xl Dest
10.10.10.68  Any         Any   55.55.55.200(s) orig
This rule will be used for the return packets.

3) Routing.
Routing is done BEFORE NAT. So you should tell your OS that if a packet
 must be routed to 55.55.55.200, it must go through gateway
10.10.10.68.
The following command will do:
route add 55.55.55.200 10.10.10.68 1 (on Solaris... I'm a Unix admin. I
use NT only for GUIs)

With this configuration, it should work.

PS: Please use ASCII art to write your diagram next time, it's quite
time-consuming to have to open word or a .doc viewer to read your
message.

--- "Sim, CT (Chee Tong)" <[email protected]> wrote:
> Dear all,
> 
> I need to access a WSS server on the DMZ zone using a fake address on my
> localnet.  Full explanation and picture are shown in the attachment below.
> Picture is simple, pls take a look and help me.
> 
> Thank you very much
> Tong
>  




================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================


=================================================================
The information contained in this message may be confidential 
and is intended to be exclusively for the addressee. Should you 
receive this message unintentionally, please do not use the contents 
herein and notify the sender immediately by return e-mail.
=================================================================


   All contents © 2004 Network Presence, LLC. All rights reserved.