NETWORK PRESENCE ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT
 


Search
display results
words begin  exact words  any words part 

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [FW1] NAT question



hi rajesh,

why would you require  a NAT on internal interface. you should be defining
NAT on the external interface and NAT the whole of the internal network to
some IP. and leave the web server in the DMZ on the valid IP. assuming that
you have the web server on DMZ connected to other interface of the firewall.

with this when u access any external web servers from internal network the
source IP will go as yr NATed IP address. whereas when you access your web
server(in DMZ) from the internal network it will go with your real IP of the
PC.

unless you have a specific reason of putting a NAT on internal interface of
the firewall. basically you need to first define what do you want to hide
and from which side.

regards

anil bhelkar
[email protected]

----- Original Message -----
From: Rajesh Bandar <[email protected]>
To: <[email protected]>
Sent: Wednesday, November 01, 2000 11:48 AM
Subject: Re: [FW1] NAT question


> Hi Anil,
>
> Actually we are doing the NAT on the interface which is connected to the
> internal router not external router. Our internal router IP is 172.16.0.1.
So If
> I access the Internet from my PC (my PC Ip is 172.16.0.6), Internet  sees
the
> source IP as 202.0.106.130. DMZ is configured on one of the other
interfaces.
> So the web server running on DMZ sees the source IP as 202.0.106.130 not
as
> 172.16.0.6.
>
> Thanks,
> Rajesh.
>
> > From: "Anil Bhelkar" <[email protected]>
> > To: "Rajesh Bandar" <[email protected]>
> > Subject: Re: [FW1] NAT question
> > Date: Wed, 1 Nov 2000 11:18:13 +0530
> > MIME-Version: 1.0
> > Content-Transfer-Encoding: 7bit
> > X-Priority: 3
> > X-MSMail-Priority: Normal
> > X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2314.1300
> >
> > Hi Rajesh,
> >
> > this is precisely it will work. no modification is reqd. NAT will work
for
> > all the traffic on the external interface. internal to DMZ will work
> > directly. shankar narayanan's reply is to the point. i hope it answers
yr
> > query.
> >
> > regards
> >
> > anil bhelkar
> > [email protected]
> >
> > ----- Original Message -----
> > From: Rajesh Bandar <[email protected]>
> > To: <[email protected]>
> > Sent: Wednesday, November 01, 2000 11:01 AM
> > Subject: Re: [FW1] NAT question
> >
> >
> > > Hi Anil,
> > >
> > > I know how to configure NAT. But I need to configure something
like......I
> > > better give you an example.
> > >
> > > My PC is in the local network and the IP address is 172.16.0.6. If I
> > access
> > > a web server on DMZ (192.231.59.37), Web server should know that I am
> > coming
> > > from 172.16.0.6.
> > >
> > > But if I access a web site on the internet like
http://www.hotmail.com/,
> > the web
> > > server (hotmail web server) should know the source IP as
> > 202.0.106.135(NAT) not
> > > as 172.16.0.6.
> > >
> > > Basically I want the firewall to do NAT only if I access the internet
but
> > not
> > > when I access the local LAN or DMZ. Is it possible?
> > >
> > > Thanks,
> > > Rajesh.
> > >
> > >
> > >
> > >
> > > > From: "Anil Bhelkar" <[email protected]>
> > > > To: "Rajesh Bandar" <[email protected]>,
> > > <[email protected]>
> > > > Subject: Re: [FW1] NAT question
> > > > Date: Wed, 1 Nov 2000 10:24:52 +0530
> > > > MIME-Version: 1.0
> > > > Content-Transfer-Encoding: 7bit
> > > > X-Priority: 3
> > > > X-MSMail-Priority: Normal
> > > > X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2314.1300
> > > >
> > > > this is how NAT is suppose to work.
> > > > regards
> > > >
> > > > anil bhelkar
> > > > [email protected]
> > > >
> > > > This communication is for the exclusive use of  the intended
> > receipient/s
> > > > and shall not attach any liability on the originator. It may contain
> > > > information which is confidential and legally priviledged and the
same
> > shall
> > > > not be used or dealt with by any third party in whatsover manner.
> > > > ----- Original Message -----
> > > > From: Rajesh Bandar <[email protected]>
> > > > To: <[email protected]>
> > > > Sent: Wednesday, November 01, 2000 9:50 AM
> > > > Subject: [FW1] NAT question
> > > >
> > > >
> > > > >
> > > > > Hi,
> > > > >
> > > > > I am running Checkpoint Firewall ver 4.0 on a solaris 2.6 machine.
I
> > need
> > > > to
> > > > > configure NAT in such a way if anyone from our internal network
> > accesses
> > > > the web
> > > > > server on DMZ, it (web server on DMZ) should see the source IP
> > address. At
> > > > the
> > > > > same time if any one acceses internet from our internal network,
> > > > destination
> > > > > server should see only one IP (translated IP). Is it possible to
> > > > configure. Any
> > > > > help would be appreciated.
> > > > >
> > > > > Thanks,
> > > > > Rajesh.
> > > > >
> > > > >
> > > > >
> > > > >
> > > >
> >
============================================================================
> > > > ====
> > > > >      To unsubscribe from this mailing list, please see the
> > instructions at
> > > > >                http://www.checkpoint.com/services/mailing.html
> > > > >
> > > >
> >
============================================================================
> > > > ====
> > > >
> >



================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================



 
----------------------------------

ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT SITE MAP LEGAL
   All contents © 2004 Network Presence, LLC. All rights reserved.