[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] RE: [FW1] NAT question
Dear Mr. Rajesh, First of all, I am assuming that you are doing the NAT for the internal machines for accessing the Internet on the interface which is connected to your external router. Now, since the client for the connection is inside your firewall, the translation would happen only on the external interface, that too only after the spoofing and routing on the firewall kernel. Since you would like to connect to the Web server on the DMZ ( I am assuming that the DMZ is configured on one of the other interfaces of the firewall, apart from the internal and external interfaces ) from the internal network, the routing module sees the source IP as your internal IP and route it directly to your DMZ interface. As I mentioned before, the translation hasn't happened when the routing module comes into picture. Hence your configuration would work directly. No modifications are required. Regards S Shankara Narayanan > ---------- > From: Rajesh Bandar[SMTP:[email protected]] > Reply To: Rajesh Bandar > Sent: Wednesday, November 01, 2000 9:50 AM > To: [email protected] > Subject: [FW1] NAT question > > > Hi, > > I am running Cgeckpoint Firewall ver 4.0 on a solaris 2.6 machine. I need > to > configure NAT in such a way if anyone from our internal network accesses > the web > server on DMZ, it (web server on DMZ) should see the source IP address. At > the > same time if any one acceses internet from our internal network, > destination > server should see only one IP (translated IP). Is it possible to > configure. Any > help would be appreciated. > > Thanks, > Rajesh. > > > > ========================================================================== > ====== > To unsubscribe from this mailing list, please see the instructions at > http://www.checkpoint.com/services/mailing.html > ========================================================================== > ====== > ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|