
RE: [FW1] DMZ setup



Frank,

A couple of things to check.

1. Have you hardened the Internet facing hosts - to reduce the probability
of attacks? - Check out Lance's web site for information on how to do this.
http://www.enteract.com/~lspitz

2. Ensure that the internal networks don't overlap - I'm guessing that you
probably have a "255.255.255.0" subnet mask on the 192.168.x.y networks.

3. Have you NAT'ed the illegal 192.168.x.y addresses to a live Internet
address so that it's routable across the Internet - this is required as the
first Internet router you hit should discard all the RFC1918 addresses - of
which these are some.

You should use Static-NAT if the machine needs to be reached by other hosts
on the Internet or Hide-NAT if you only need the machine to reach other
systems on the Internet.

Note that the Static-NAT address should also be listed in your provider's DNS to
allow other machines to do lookups.

4. Have you added a static route both on your Internet router and firewall -
try pinging the Internet address from your Internet facing router.

5. Have you defined the right rules in the rules base to allow the
communication you need?


Cheers

Tim

-----Original Message-----
From: Olmstead, Frank M. [mailto:[email protected]]
Sent: 01 December 2000 18:33
To: [email protected]
Subject: [FW1] DMZ setup



Hi All,
 Can I get some assistance (or direction to a good web site) to set up a DMZ
on an NT Checkpoint FW-1 box?

Some specifics are:
 NT machine with a 192.168.2.2 address is plugged into a hub off the 3rd NIC
on the FW.

 The 3rd NIC on the FW has a 192.168.2.1 address. 

 I can ping into the network, but not out to the Internet?

Thanks!


================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================
************************************************************************
The information in this email is confidential and is intended solely
for the addressee(s).
Access to this email by anyone else is unauthorised. If you are not
an intended recipient, you must not read, use or disseminate the
information contained in the email.
Any views expressed in this message are those of the individual sender,
except where the sender specifically states them to be the views of
The Capital Markets Company.

http://www.capco.com
***********************************************************************
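
Checks 2 and 3 from the reply above, as an added example that is not part of the original thread: it flags firewall segments whose masks make them overlap and says which NAT type an address needs under the Static-NAT/Hide-NAT rule given in the reply. Only 192.168.2.1 and 192.168.2.2 come from the thread; the interface names, the internal and external addresses, and all function names are assumptions made for illustration.

```python
import ipaddress
from itertools import combinations

# RFC 1918 private ranges; the first Internet router should discard these.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_rfc1918(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)

def segments(interfaces):
    """Map interface name -> network derived from 'address/netmask'."""
    return {name: ipaddress.ip_interface(v).network
            for name, v in interfaces.items()}

def overlaps(interfaces):
    """Check 2: pairs of firewall interfaces whose networks overlap."""
    nets = segments(interfaces)
    return [(a, b) for a, b in combinations(sorted(nets), 2)
            if nets[a].overlaps(nets[b])]

def segment_of(addr, interfaces):
    """Interfaces that claim this address; more than one means ambiguous routing."""
    ip = ipaddress.ip_address(addr)
    return sorted(n for n, net in segments(interfaces).items() if ip in net)

def nat_needed(addr, inbound):
    """Check 3: static NAT if Internet hosts must reach it, hide NAT if outbound only."""
    if not is_rfc1918(addr):
        return "none"
    return "static" if inbound else "hide"

# Constructed sample data. Only the dmz address is from the thread;
# 203.0.113.0/24 is a documentation range standing in for the real external net.
GOOD = {"external": "203.0.113.1/255.255.255.0",
        "internal": "192.168.1.1/255.255.255.0",
        "dmz": "192.168.2.1/255.255.255.0"}
# Same layout with a too-wide mask on the internal NIC (constructed failure case).
BAD = dict(GOOD, internal="192.168.1.1/255.255.0.0")

if __name__ == "__main__":
    for label, cfg in (("good", GOOD), ("bad", BAD)):
        print(label, "overlaps:", overlaps(cfg),
              "192.168.2.2 on:", segment_of("192.168.2.2", cfg))
    print("192.168.2.2 inbound:", nat_needed("192.168.2.2", True))
    print("192.168.2.2 outbound only:", nat_needed("192.168.2.2", False))
```
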






 
   All contents © 2004 Network Presence, LLC. All rights reserved.