NETWORK PRESENCE ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT
 


Search
display results
words begin  exact words  any words part 

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [FW1] fwxlconf not un-NAT'ing addresses



On Tue, 28 Nov 2000 [email protected] wrote:

> Kirk,
> 
> I hope this isn't too basic, but did you re-compile the rules after the 
> change?
> I've made this mistake myself, so now I always keep it in mind when I do 
> NAT changes. Good luck.

Ugh.  Yep, that was it.

Thanx much Harley...

	- Kirk

> 
> Kirk Vogelsang <[email protected]> on 11/28/2000 01:31:56 PM
> 
> To:   [email protected]
> cc:    (bcc: Harley S. Sanders/BAIS/BAReston)
> 
> Subject:  [FW1] fwxlconf not un-NAT'ing addresses
> 
> 
> 
> 
> 
> I'm having some trouble trying to un-NAT some addresses on
> FW-1 4.0 Solaris using fwxlconf.
> 
> The addresses in question are:
> 
>   10.10.30.65
>   10.10.100.34
>   10.10.100.35
> 
> Those addresses were getting translated before.  Now, I'd like
> for them to stay as is without xlation.
> 
> Here's what my xlate.conf looks like (with bogus IP's):
> 
> fwx_translation={
>    <0, 10.10.102.2, 10.10.102.254, FWXT_DST_STATIC, 172.16.37.2, 0>,
>    <1, 10.10.103.2, 10.10.103.254, FWXT_DST_STATIC, 172.16.38.2, 0>,
>    <2, 172.16.37.2, 172.16.37.254, FWXT_SRC_STATIC, 10.10.102.2, 0>,
>    <3, 172.16.38.2, 172.16.38.254, FWXT_SRC_STATIC, 10.10.103.2, 0>,
>    <4, 10.10.30.65, 10.10.30.65, FWXT_SRC_STATIC, 10.10.30.65, 0>,
>    <5, 10.10.100.34, 10.10.100.34, FWXT_SRC_STATIC, 10.10.100.34, 0>,
>    <6, 10.10.100.35, 10.10.100.35, FWXT_SRC_STATIC, 10.10.100.35, 0>,
>    <7, 10.10.2.0, 10.10.9.32, FWXT_HIDE, 10.10.11.11, 0>,
>    <8, 10.10.9.34, 10.10.11.10, FWXT_HIDE, 10.10.11.11, 0>,
>    <9, 10.10.11.12, 10.10.30.4, FWXT_HIDE, 10.10.11.11, 0>,
>    <10, 10.10.30.6, 10.10.30.8, FWXT_HIDE, 10.10.11.11, 0>,
>    <11, 10.10.30.10, 10.10.30.19, FWXT_HIDE, 10.10.11.11, 0>,
>    <12, 10.10.30.21, 10.10.30.54, FWXT_HIDE, 10.10.11.11, 0>,
>    <13, 10.10.30.56, 10.10.30.56, FWXT_HIDE, 10.10.11.11, 0>,
>    <14, 10.10.30.58, 10.10.30.70, FWXT_HIDE, 10.10.11.11, 0>,
>    <15, 10.10.30.72, 10.10.30.129, FWXT_HIDE, 10.10.11.11, 0>,
>    <16, 10.10.30.130, 10.10.30.130, FWXT_HIDE, 10.10.9.50, 0>,
>    <17, 10.10.30.131, 10.10.101.255, FWXT_HIDE, 10.10.11.11, 0>,
>    <18, 10.10.105.3, 10.10.148.255, FWXT_HIDE, 10.10.11.11, 0>
> };
> 
> The old xlate.conf was identical, minus #'s 4, 5 and 6.
> I've also tried punching holes in the ranges to exclude the 3 addresses
> above, rather than using the SRC_STATIC, but that didn't work either.
> 
> After making the changes, I've fwstop'd and fwstart'd and even
> rebooted the firewall, but no deal.  They still get NAT'd to
> 10.10.11.11.
> 
> I've never had this much trouble before.  Anyone have any ideas
> as to what I might be missing?
> 
> -----
> Kirk M. Vogelsang <[email protected]>
> Northeastern University College of Computer Science
> 
> 
> 
> ================================================================================
>      To unsubscribe from this mailing list, please see the instructions at
>                http://www.checkpoint.com/services/mailing.html
> ================================================================================
> 
> 
> 
> 
> 
> 
> ================================================================================
>      To unsubscribe from this mailing list, please see the instructions at
>                http://www.checkpoint.com/services/mailing.html
> ================================================================================
> 

-----
Kirk M. Vogelsang <[email protected]>
Northeastern University College of Computer Science



================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================



 
----------------------------------

ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT SITE MAP LEGAL
   All contents © 2004 Network Presence, LLC. All rights reserved.