NETWORK PRESENCE ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT
 


Search
display results
words begin  exact words  any words part 
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [FW1] NAT question

Dear Mr. Rajesh,

First of all, I am assuming that you are doing the NAT for the internal
machines for accessing the Internet on the interface which is connected to
your external router. Now, since the client for the connection is inside
your firewall, the translation would happen only on the external interface,
that too only after the spoofing and routing on the firewall kernel.

Since you would like to connect to the Web server on the DMZ ( I am assuming
that the DMZ is configured on one of the other interfaces of the firewall,
apart from the internal and external interfaces ) from the internal network,
the routing module sees the source IP as your internal IP and route it
directly to your DMZ interface. As I mentioned before, the translation
hasn't happened when the routing module comes into picture.

Hence your configuration would work directly. No modifications are required.


Regards

S Shankara Narayanan



> ----------
> From: 	Rajesh Bandar[SMTP:[email protected]]
> Reply To: 	Rajesh Bandar
> Sent: 	Wednesday, November 01, 2000 9:50 AM
> To: 	[email protected]
> Subject: 	[FW1] NAT question
> 
> 
> Hi,
> 
> I am running Cgeckpoint Firewall ver 4.0 on a solaris 2.6 machine. I need
> to 
> configure NAT in such a way if anyone from our internal network accesses
> the web 
> server on DMZ, it (web server on DMZ) should see the source IP address. At
> the 
> same time if any one acceses internet from our internal network,
> destination 
> server should see only one IP (translated IP). Is it possible to
> configure. Any 
> help would be appreciated.
> 
> Thanks,
> Rajesh.
> 
> 
> 
> ==========================================================================
> ======
>      To unsubscribe from this mailing list, please see the instructions at
>                http://www.checkpoint.com/services/mailing.html
> ==========================================================================
> ======
> 


================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================


 
----------------------------------

ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT SITE MAP LEGAL
   All contents © 2004 Network Presence, LLC. All rights reserved.