Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [FW1] fwxlconf not un-NAT'ing addresses

To: Kirk Vogelsang <[email protected]>
Subject: Re: [FW1] fwxlconf not un-NAT'ing addresses
From: [email protected]
Date: Tue, 28 Nov 2000 16:09:02 -0500
Cc: [email protected]
Sender: [email protected]



Kirk,

I hope this isn't too basic, but did you re-compile the rules after the change?
I've made this mistake myself, so now I always keep it in mind when I do NAT
changes. Good luck.

Harley




Kirk Vogelsang <[email protected]> on 11/28/2000 01:31:56 PM

To:   [email protected]
cc:    (bcc: Harley S. Sanders/BAIS/BAReston)

Subject:  [FW1] fwxlconf not un-NAT'ing addresses





I'm having some trouble trying to un-NAT some addresses on
FW-1 4.0 Solaris using fwxlconf.

The addresses in question are:

  10.10.30.65
  10.10.100.34
  10.10.100.35

Those addresses were getting translated before.  Now, I'd like
for them to stay as is without xlation.

Here's what my xlate.conf looks like (with bogus IP's):

fwx_translation={
   <0, 10.10.102.2, 10.10.102.254, FWXT_DST_STATIC, 172.16.37.2, 0>,
   <1, 10.10.103.2, 10.10.103.254, FWXT_DST_STATIC, 172.16.38.2, 0>,
   <2, 172.16.37.2, 172.16.37.254, FWXT_SRC_STATIC, 10.10.102.2, 0>,
   <3, 172.16.38.2, 172.16.38.254, FWXT_SRC_STATIC, 10.10.103.2, 0>,
   <4, 10.10.30.65, 10.10.30.65, FWXT_SRC_STATIC, 10.10.30.65, 0>,
   <5, 10.10.100.34, 10.10.100.34, FWXT_SRC_STATIC, 10.10.100.34, 0>,
   <6, 10.10.100.35, 10.10.100.35, FWXT_SRC_STATIC, 10.10.100.35, 0>,
   <7, 10.10.2.0, 10.10.9.32, FWXT_HIDE, 10.10.11.11, 0>,
   <8, 10.10.9.34, 10.10.11.10, FWXT_HIDE, 10.10.11.11, 0>,
   <9, 10.10.11.12, 10.10.30.4, FWXT_HIDE, 10.10.11.11, 0>,
   <10, 10.10.30.6, 10.10.30.8, FWXT_HIDE, 10.10.11.11, 0>,
   <11, 10.10.30.10, 10.10.30.19, FWXT_HIDE, 10.10.11.11, 0>,
   <12, 10.10.30.21, 10.10.30.54, FWXT_HIDE, 10.10.11.11, 0>,
   <13, 10.10.30.56, 10.10.30.56, FWXT_HIDE, 10.10.11.11, 0>,
   <14, 10.10.30.58, 10.10.30.70, FWXT_HIDE, 10.10.11.11, 0>,
   <15, 10.10.30.72, 10.10.30.129, FWXT_HIDE, 10.10.11.11, 0>,
   <16, 10.10.30.130, 10.10.30.130, FWXT_HIDE, 10.10.9.50, 0>,
   <17, 10.10.30.131, 10.10.101.255, FWXT_HIDE, 10.10.11.11, 0>,
   <18, 10.10.105.3, 10.10.148.255, FWXT_HIDE, 10.10.11.11, 0>
};

The old xlate.conf was identical, minus #'s 4, 5 and 6.
I've also tried punching holes in the ranges to exclude the 3 addresses
above, rather than using the SRC_STATIC, but that didn't work either.

After making the changes, I've fwstop'd and fwstart'd and even
rebooted the firewall, but no deal.  They still get NAT'd to
10.10.11.11.

I've never had this much trouble before.  Anyone have any ideas
as to what I might be missing?

-----
Kirk M. Vogelsang <[email protected]>
Northeastern University College of Computer Science



================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================






================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

Follow-Ups:
- Re: [FW1] fwxlconf not un-NAT'ing addresses
  - From: Kirk Vogelsang <[email protected]>

Prev by Date: Re: [FW1] proxy server
Next by Date: Re: [FW1] Date: Tue, 28 Nov 2000 13:56:48 -0600
Previous by thread: [FW1] fwxlconf not un-NAT'ing addresses
Next by thread: Re: [FW1] fwxlconf not un-NAT'ing addresses
Index(es):
- Date
- Thread