Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [FW1] problems setting up a NAT

To: "'Stephen Hunt'" <[email protected]>
Subject: RE: [FW1] problems setting up a NAT
From: Elmar van Mourik <[email protected]>
Date: Wed, 10 Jan 2001 11:33:12 +0100
Cc: "Fw-1-Mailinglist (E-mail)" <[email protected]>
Sender: [email protected]

Hello Stephen,

I think a ping (or traceroute) is something else than an telnet on port 25
(or smtp). 
At my site I had more or less the same problem. I could make a connection
(telnet on port 25) from the inside mailserver to the mail relay host on the
outside but not the other way around. Ping worked fine.

Only after setting up a static route for the mail server on my router I
could get an smtp connection from the outside to the inside.

In your situation the static route (on the router) would look something like
this:

host               mask               next hop
206.105.231.219    255.255.255.255    206.105.231.218

On my router it was impossible to set a static route in the same network
(248-subnet) so I had to split the network in two and put the router in a
252 subnet.

I haven't seen any arp entries get broadcasted to the router, but that may
be depending on the router configuration.

Elmar van Mourik
ZHEW System Management


> -----Original Message-----
> From: Stephen Hunt [mailto:[email protected]]
> Sent: Tuesday, January 09, 2001 4:39 PM
> To: Elmar van Mourik
> Subject: Re: [FW1] problems setting up a NAT
> 
> 
> Elmar van Mourik wrote:
> > 
> > Create a static route to your internal mailserver on your 
> router between the
> > FW and the internet.
> > 
> > Elmar van Mourik
> > ZHEW System Management
> > 
> 
> Hello Elmar,
> 
> I hope that it's ok to email you directly - when I use an internet
> traceroute gateway to do a traceroute, it does get to the firewall:
> 
> traceroute to 206.105.231.219 (206.105.231.219), 30 hops max, 38 byte
> packets
>  1  198.144.200.129  1.441 ms  1.058 ms  1.126 ms
>  2  198.144.202.217  41.671 ms  25.561 ms  35.751 ms
>  3  198.144.200.1  8.280 ms  31.850 ms  8.890 ms
>  4  209.249.210.4  34.401 ms  36.708 ms  50.325 ms
>  5  209.133.31.153  124.643 ms  68.739 ms  58.142 ms
>  6  207.126.96.65  30.602 ms  29.862 ms  30.906 ms
>  7  216.200.0.90  36.717 ms  48.927 ms  29.107 ms
>  8  207.45.223.74  74.388 ms  82.221 ms  77.698 ms
>  9  64.86.80.209  81.568 ms  81.875 ms  69.417 ms
> 10  207.45.222.189  145.609 ms  177.616 ms  148.470 ms
> 11  207.45.220.163  122.003 ms  233.274 ms *
> 12  207.45.208.238  264.179 ms 207.45.208.226  216.268 ms
> 207.45.208.238  221.150 ms
> 13  * 196.3.74.242  225.678 ms  167.847 ms
> 14  206.105.231.218  268.545 ms *  203.836 ms
> 15  206.105.231.219  198.681 ms  199.201 ms  202.227 ms
> 
> 206.105.231.218 is the firewall, and 206.105.231.219 is the valid IP
> of the mail server, which is supposed to be NAT'd.  However, I cannot
> ping the IP, which confuses me, and of course I cannot get email
> through.
> 
> Doesn't the static arp entry on the firewall with the IP/MAc get
> broadcasted 
> to the upstream router?  We don't have a full Class C; the netmask is
> 255.255.255.248, but I think they have routes for us already, but I
> haven't
> called them yet.
> 
> Thanks for your help!
> 

------------------------------ 
Dit e-mailbericht is uitsluitend bestemd voor de geadresseerde(n). Indien de
e-mail bij vergissing bij u terecht is gekomen, wilt u ons dan berichten via
[email protected]? Wij verzoeken u in dit geval de e-mail te vernietigen,
de inhoud ervan niet te gebruiken en niet onder derden te verspreiden, omdat
het bericht vertrouwelijke informatie kan bevatten. Aan dit bericht kunnen
geen rechten worden ontleend inzake contractuele of wettelijke
verplichtingen. Een opdracht of beschikking wordt alleen per post verzonden
en ondertekend door daartoe bevoegd(e) perso(o)nen. 

This e-mail message is intended exclusively for the addressee. If the e-mail
was sent to you by mistake, would you please contact us at
[email protected]? In that case, we also request you to destroy the e-mail
and to neither use the contents or disclose them in any manner to third
parties, because the message can contain confidential information. This
message can not lead to any contractual or legal obligation. ZHEW only order
products and send official decisions on their official (hard copy) documents
that are signed by authorised personnel only. 

Zuiveringsschap Hollandse Eilanden en Waarden, Dordrecht 
tel: +31 (0)78 6397100 
fax: +31 (0)78 6311871 
web: http://www.zhew.nl


================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

Prev by Date: Re: [FW1] Solaris 2.7 core install and fw module
Next by Date: [FW1] NBT and NAT
Previous by thread: RE: [FW1] problems setting up a NAT
Next by thread: [FW1] NATing the Management Server
Index(es):
- Date
- Thread