[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [FW1] fwxlconf not un-NAT'ing addresses
I'm having some trouble trying to un-NAT some addresses on FW-1 4.0 Solaris using fwxlconf. The addresses in question are: 10.10.30.65 10.10.100.34 10.10.100.35 Those addresses were getting translated before. Now, I'd like for them to stay as is without xlation. Here's what my xlate.conf looks like (with bogus IP's): fwx_translation={ <0, 10.10.102.2, 10.10.102.254, FWXT_DST_STATIC, 172.16.37.2, 0>, <1, 10.10.103.2, 10.10.103.254, FWXT_DST_STATIC, 172.16.38.2, 0>, <2, 172.16.37.2, 172.16.37.254, FWXT_SRC_STATIC, 10.10.102.2, 0>, <3, 172.16.38.2, 172.16.38.254, FWXT_SRC_STATIC, 10.10.103.2, 0>, <4, 10.10.30.65, 10.10.30.65, FWXT_SRC_STATIC, 10.10.30.65, 0>, <5, 10.10.100.34, 10.10.100.34, FWXT_SRC_STATIC, 10.10.100.34, 0>, <6, 10.10.100.35, 10.10.100.35, FWXT_SRC_STATIC, 10.10.100.35, 0>, <7, 10.10.2.0, 10.10.9.32, FWXT_HIDE, 10.10.11.11, 0>, <8, 10.10.9.34, 10.10.11.10, FWXT_HIDE, 10.10.11.11, 0>, <9, 10.10.11.12, 10.10.30.4, FWXT_HIDE, 10.10.11.11, 0>, <10, 10.10.30.6, 10.10.30.8, FWXT_HIDE, 10.10.11.11, 0>, <11, 10.10.30.10, 10.10.30.19, FWXT_HIDE, 10.10.11.11, 0>, <12, 10.10.30.21, 10.10.30.54, FWXT_HIDE, 10.10.11.11, 0>, <13, 10.10.30.56, 10.10.30.56, FWXT_HIDE, 10.10.11.11, 0>, <14, 10.10.30.58, 10.10.30.70, FWXT_HIDE, 10.10.11.11, 0>, <15, 10.10.30.72, 10.10.30.129, FWXT_HIDE, 10.10.11.11, 0>, <16, 10.10.30.130, 10.10.30.130, FWXT_HIDE, 10.10.9.50, 0>, <17, 10.10.30.131, 10.10.101.255, FWXT_HIDE, 10.10.11.11, 0>, <18, 10.10.105.3, 10.10.148.255, FWXT_HIDE, 10.10.11.11, 0> }; The old xlate.conf was identical, minus #'s 4, 5 and 6. I've also tried punching holes in the ranges to exclude the 3 addresses above, rather than using the SRC_STATIC, but that didn't work either. After making the changes, I've fwstop'd and fwstart'd and even rebooted the firewall, but no deal. They still get NAT'd to 10.10.11.11. I've never had this much trouble before. Anyone have any ideas as to what I might be missing? ----- Kirk M. Vogelsang <[email protected]> Northeastern University College of Computer Science ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|