RE: [FW1] NAT Problem in CP-Firewall

["Simon Hornby" <simon_hornby@FW1-NOSPAMhotmail.com>]

If this is an NT environment, you need to use the local.arp file, NT will 
not do proxy arp properly.

Cheers

Simon


> From: "Iztok Umek" <iumek@elogex.com>
> To: "Jey Baskar" <JBASKAR@aimove.com>,        
> <fw-1-mailinglist@lists.us.checkpoint.com>
> Subject: RE: [FW1] NAT Problem in CP-Firewall
> Date: Mon, 15 Jan 2001 11:06:59 -0500
>
>
> Do you have IP spoofing protection? Did you put your NATed hosts into
> allowed IPs on inside NIC?
>
> Regards,
> 	Iztok
>
> > -----Original Message-----
> > From: Jey Baskar [mailto:JBASKAR@aimove.com]
> > Sent: Monday, January 15, 2001 10:28 AM
> > To: bipinm@emiratesbank.com; mustetaba@hclcomnet.co.in;
> > fw-1-mailinglist@lists.us.checkpoint.com
> > Subject: RE: [FW1] NAT Problem in CP-Firewall
> >
> >
> >
> >
> >   I did follow the suggestion of adding the arp entry and the
> > route but I am still struck up the same problem.
> >
> > After adding the following entries
> > 1. arp -s 205.148.243.3  <mac address of the external firewall>
> > 2. route add 205.148.243.3  10.1.3.5
> >
> > it doesn't seems working. I also added the next hop inside
> > the firewall too !!
> >
> > Thanks for your time and suggestion
> > Jey!
> >
> >
> > >>> Mustetab Ali Khan <mustetaba@hclcomnet.co.in> 01/14/01 10:08AM >>>
> >
> >  Dear BASKAR,
> >
> > You also need to add an arp entry for the natted address ...
> >
> > arp - 205.148.243.3 <mac address of the firewall external card>
> >
> > in addition u need to add a route as follows
> > route add 205.148.243.3 <10.x.x.x> ip of the firewall internal card
> >
> > -Mustetab
> > Network Security Engineer
> > HCL Comnet Systems & Services
> >
> > -----Original Message-----
> > From: ITN (Bipin Mehta)
> > To: 'Jey Baskar'; fw-1-mailinglist@lists.us.checkpoint.com
> > Sent: 01/14/2001 6:25 PM
> > Subject: RE: [FW1] NAT Problem in CP-Firewall
> >
> > You need to add a static route on your firewall for the translated
> > address (205.148.243.3)to the next hop inside the firewall or to the
> > internal ethernet port because before translation the firewall does
> > internal routing.
> >
> >
> >
> >
> > -----Original Message-----
> > From: Jey Baskar [ mailto:JBASKAR@aimove.com
> > <mailto:JBASKAR@aimove.com>
> > ]
> > Sent: Saturday, January 13, 2001 1:02 AM
> > To: fw-1-mailinglist@lists.us.checkpoint.com
> > Subject: [FW1] NAT Problem in CP-Firewall
> >
> >
> >
> > Hello,
> >
> > We have installed Checkpoint Firewall-1 in our environment. I
> > am facing
> > a problem of unable to PING to the NATted address.
> >
> >
> > 10.1.3.15       205.148.243.2      205.148.243.1
> > HOSTA  -------  FIREWALL  -------- ROUTER ---------- INTERNET
> >
> >
> > I have a hostA 10.1.3.15 which is on the internal network. It can ping
> > to the Firewall [205.148.243.2] and to the router [205.148.243.1]
> >
> > without any problems.
> >
> > On the Firewall I have static Address Translation for the
> > 10.1.3.15  and
> > set it as 205.148.243.3
> >
> > The problem is I can PING to the firewall [205.148.243.2] successfully
> > from the internal and external network but CANNOT ping to the static
> > address [205.148.243.3] either from the internal nor from the external
> > network. Even from the Firewall server, I CANNOT ping to the NATed
> > address [205.148.243.3]
> >
> > I have set the NAT and rules properly.
> >
> > Any help to fix this problem will be greatly appreciated!
> >
> > Thanks
> > Jey
> >
> >
> >
> > ==============================================================
> > ==========
> > ========
> >      To unsubscribe from this mailing list, please see the
> > instructions
> > at
> >                http://www.checkpoint.com/services/mailing.html
> > <http://www.checkpoint.com/services/mailing.html>
> > ==============================================================
> > ==========
> > ========
> >
> >
> >
> > ==============================================================
> > ==================
> >      To unsubscribe from this mailing list, please see the
> > instructions at
> >                http://www.checkpoint.com/services/mailing.html
> > ==============================================================
> > ==================
> >
> >
> >
> > ==============================================================
> > ==================
> >      To unsubscribe from this mailing list, please see the
> > instructions at
> >                http://www.checkpoint.com/services/mailing.html
> > ==============================================================
> > ==================
> >
>
>
> ================================================================================
>      To unsubscribe from this mailing list, please see the instructions at
>                http://www.checkpoint.com/services/mailing.html
> ================================================================================

_________________________________________________________________________
Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com.



================================================================================
    To unsubscribe from this mailing list, please see the instructions at
              http://www.checkpoint.com/services/mailing.html
================================================================================