RE: [FW1] problems setting up a NAT



Create a static route to your internal mailserver on your router between the
FW and the internet.


Elmar van Mourik
ZHEW System Management

> -----Original Message-----
> From: Stephen Hunt [mailto:[email protected]]
> Sent: Monday, January 08, 2001 3:08 PM
> To: [email protected]
> Subject: [FW1] problems setting up a NAT
> 
> 
> 
> Hello all,
> 
> I am trying to set up a NAT for an internal mail server.  My existing policy
> covers outbound connections from the mail server out to the internet,
> but I cannot reach it from the internet back inside.  I followed the
> documentation on setting up a static NAT, creating an object for the
> internal mail server and also for the external interface.  The real IP
> is different from the external IP of the firewall, so I was sure to
> put in the recommended arp statement so the router upstream will know
> how to get to it.  So, now I can route to it, but I can't get anything
> through the firewall inside to the mail server.  Here's what my policy
> basically looks like:
> 
> 1  Source: <mailserver-internal, with static NAT to external>
>    Destination: Any
>    Services: Any
>    Action:  accept
>    Install on:  Gateways
> 
> 2  Source: <entire internal network>
>    Destination:  Any
>    Services:  Any
>    Action:  accept
>    Install on:  Gateways
> 
> 3  Source:  Any
>    Destination:  <mailserver-external, with static NAT to internal>
>    Services:  Any
>    Action:  accept
>    Install on:  Gateways
> 
> 4  Source:  Any
>    Destination: Any
>    Services:  Any
>    Action:  drop
>    Install on:  Gateways
> 
> Is this correct?  Of course I'll tighten down the services later, but I
> want to make sure it works first.  On top of this I have added a route
> as such:
> 
> route add <external IP of mailserver> <internal IP> 1
> 
> and updated the arp table with <external IP of mail server> with
> <external MAC address of fw>.  The external IP of the mail server is
> different from the external IP of the firewall.
> 
> This ought to be simple, right?  Also, I don't have split-DNS on the
> firewall yet, but that shouldn't affect this basic routing/NAT config?
> 
> Well, this is driving me nuts, I hope you guys can help.
> 
> Thanks!
> 
> 
> ================================================================================
>      To unsubscribe from this mailing list, please see the instructions at
>                http://www.checkpoint.com/services/mailing.html
> ================================================================================
> 

------------------------------ 
This e-mail message is intended exclusively for the addressee. If the e-mail
was sent to you by mistake, would you please contact us at
[email protected]? In that case, we also request you to destroy the e-mail
and to neither use the contents or disclose them in any manner to third
parties, because the message can contain confidential information. This
message can not lead to any contractual or legal obligation. ZHEW only order
products and send official decisions on their official (hard copy) documents
that are signed by authorised personnel only. 

Zuiveringsschap Hollandse Eilanden en Waarden, Dordrecht 
tel: +31 (0)78 6397100 
fax: +31 (0)78 6311871 
web: http://www.zhew.nl


   All contents © 2004 Network Presence, LLC. All rights reserved.